codepipeline: EcsDeployAction missing ecs:TagResource #29400

pahud · 2024-03-07T16:46:29Z

Describe the bug

According to the document, ecs:TagResource is required for the role but missing in our code:

aws-cdk/packages/aws-cdk-lib/aws-codepipeline-actions/lib/ecs/deploy-action.ts

Lines 84 to 92 in f0383d6

    
           options.role.addToPolicy(new iam.PolicyStatement({ 
        
             actions: [ 
        
               'ecs:DescribeServices', 
        
               'ecs:DescribeTaskDefinition', 
        
               'ecs:DescribeTasks', 
        
               'ecs:ListTasks', 
        
               'ecs:RegisterTaskDefinition', 
        
               'ecs:UpdateService', 
        
             ],

Expected Behavior

The correct policy statement should be updated:

{
    "Effect": "Allow",
    "Action": [
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:RegisterTaskDefinition",
        "ecs:TagResource",
        "ecs:UpdateService"
    ],
    "Resource": "resource_ARN"
},

Current Behavior

missing ecs:TagResource

Reproduction Steps

N/A

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.131.0

Framework Version

No response

Node.js Version

all versions

OS

all

Language

TypeScript

Language Version

No response

Other information

No response

The text was updated successfully, but these errors were encountered:

pahud · 2024-03-07T16:47:26Z

internal tracking V1285811012

### Issue # (if applicable) Closes #29400 ### Reason for this change Missing required action as described from the [doc](https://docs.aws.amazon.com/codepipeline/latest/userguide/security-iam.html#how-to-custom-role). ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-03-08T00:34:04Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

pahud added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024

pahud self-assigned this Mar 7, 2024

pahud added effort/small Small work item – less than a day of effort @aws-cdk/aws-codepipeline Related to AWS CodePipeline labels Mar 7, 2024

pahud mentioned this issue Mar 7, 2024

chore(codepipeline): add missing action for EcsDeployAction #29401

Merged

1 task

pahud added p1 and removed p2 labels Mar 7, 2024

mergify bot closed this as completed in #29401 Mar 8, 2024

github-actions bot mentioned this issue Apr 1, 2024

Monthly issue metrics report #29667

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

codepipeline: EcsDeployAction missing ecs:TagResource #29400

codepipeline: EcsDeployAction missing ecs:TagResource #29400

pahud commented Mar 7, 2024

pahud commented Mar 7, 2024

github-actions bot commented Mar 8, 2024