More narrowly scope IAM policies
e9ab0a083178
Actions

Description

More narrowly scope IAM policies

Summary:
Previously, we granted dagit and daemon AmazonECS_FullAccess. This
enabled them to do everything they needed - and then some.

This more narrowly scopes the policies attached to each.

dagit only needs to be able to describe tasks to check if a run can be
terminated and to terminate it.

daemon needs to be able to describe a number of different things about a
task so that it can register new task definitions and trigger task runs.

Both include passrole permissions borrowed from AmazonECS_FullAccess.

Test Plan: Deploy and launch a pipeline

Reviewers: dgibson, max, johann

Reviewed By: dgibson, johann

Differential Revision: https://dagster.phacility.com/D8995

Details

Provenance

• jordansanders

Authored on Jul 21 2021, 7:11 PM

Reviewer

• dgibson

Differential Revision

D8995: More narrowly scope IAM policies

Parents

R1:00d73bb34601: Infer cluster from tags

Branches

Unknown

Tags

Unknown

Event Timeline

• jordansanders committed R1:e9ab0a083178: More narrowly scope IAM policies (authored by • jordansanders).Jul 21 2021, 10:28 PM

• jordansanders added an edge: D8995: More narrowly scope IAM policies.

Changes (2)

Path

Size

examples/

deploy_ecs/

docker-compose.yml

repo.py

R1:e9ab0a083178

View Options

examples/deploy_ecs/docker-compose.yml