allow passrole on task role too (#1992)

* allow passrole on task role too * match with dataplatform-stg-ecs-parking * remove the environment variable since the identifier_prefix includes
LBHackney-IT · Nov 21, 2024 · 48cab13 · 48cab13
1 parent f452f7d
commit 48cab13
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/terraform/modules/department/50-aws-iam-policies.tf b/terraform/modules/department/50-aws-iam-policies.tf
@@ -911,7 +911,9 @@ data "aws_iam_policy_document" "airflow_base_policy" {
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-execution-role",
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-task-role",
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/parking-ecs-execution-role",
-      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/housing-ecs-execution-role"
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.identifier_prefix}-ecs-parking",
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/housing-ecs-execution-role",
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.identifier_prefix}-ecs-housing",
     ]
     condition {
       test     = "StringEquals"