author | Will Thames <will@thames.id.au> | 2018-06-06 19:48:00 +1000 |
---|---|---|
committer | Will Thames <will@thames.id.au> | 2018-06-06 20:51:50 +1000 |
commit | a60fe1946c98996355a66e29ea487f96c9d3c629 (patch) | |
tree | f6db2b4153970acbf5aea8dc94fd0159d48364bd /hacking | |
parent | fbcd6f8a65e40703408ddd483e5a7a8b4f40dc2c (diff) | |
download | ansible-a60fe1946c98996355a66e29ea487f96c9d3c629.tar.gz |
Remove ECS policies from AWS compute policy
The compute policy was exceeding maximum size and contained
policies that already exist in ecs-policy.
Look up suitable AMIs rather than hardcode
We don't want to maintain multiple image IDs for multiple regions
so use ec2_ami_facts to set a suitable image ID
Improve exception handling
Diffstat (limited to 'hacking')
-rw-r--r-- | hacking/aws_config/testing_policies/compute-policy.json | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json
index c9f31a4062..be4c4d0d51 100644
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@@ -109,29 +109,6 @@
 "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*"
 ]
 },
- {
- "Sid": "UnspecifiedCodeRepositories",
- "Effect": "Allow",
- "Action": [
- "ecr:DescribeRepositories",
- "ecr:CreateRepository"
- ],
- "Resource": "*"
- },
- {
- "Sid": "SpecifiedCodeRepositories",
- "Effect": "Allow",
- "Action": [
- "ecr:GetRepositoryPolicy",
- "ecr:SetRepositoryPolicy",
- "ecr:DeleteRepository",
- "ecr:DeleteRepositoryPolicy",
- "ecr:DeleteRepositoryPolicy"
- ],
- "Resource": [
- "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*"
- ]
- },
 {# According to http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html #}
 {# Resource level access control is not possible for the new ELB API (providing Application Load Balancer functionality #}
 {# While it remains possible for the old API, there is no distinction of the Actions between old API and new API #}
@@ -239,29 +216,6 @@
 ]
 },
 {
- "Sid": "AllowECSManagement",
- "Effect": "Allow",
- "Action": [
- "application-autoscaling:Describe*",
- "application-autoscaling:PutScalingPolicy",
- "application-autoscaling:RegisterScalableTarget",
- "cloudwatch:DescribeAlarms",
- "cloudwatch:PutMetricAlarm",
- "ecs:CreateCluster",
- "ecs:CreateService",
- "ecs:DeleteCluster",
- "ecs:DeleteService",
- "ecs:Describe*",
- "ecs:DeregisterTaskDefinition",
- "ecs:List*",
- "ecs:RegisterTaskDefinition",
- "ecs:UpdateService"
- ],
- "Resource": [
- "*"
- ]
- },
- {
 "Sid": "AllowSESManagement",
 "Effect": "Allow",
 "Action": [ |