Configurable IAM policies for ECS distrib indexers

quickwit-oss · Apr 23, 2024 · d724f7c · d724f7c
1 parent 6fd8dc8
commit d724f7c
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 11 deletions.
diff --git a/distribution/ecs/quickwit/service/config.tf b/distribution/ecs/quickwit/service/config.tf
@@ -28,4 +28,7 @@ locals {
     },
   ]
 
+  nb_extra_policies             = length(var.service_config.extra_task_policy_arns)
+  extra_tasks_iam_role_policies = { for i in range(local.nb_extra_policies) : "extra_policy_${i}" => var.service_config.extra_task_policy_arns[i] }
+  tasks_iam_role_policies       = merge({ s3_access = var.s3_access_policy_arn }, local.extra_tasks_iam_role_policies)
 }
diff --git a/distribution/ecs/quickwit/service/ecs.tf b/distribution/ecs/quickwit/service/ecs.tf
@@ -128,9 +128,7 @@ module "quickwit_service" {
     var.postgres_credential_arn
   ]
 
-  tasks_iam_role_policies = {
-    s3_access = var.s3_access_policy_arn
-  }
+  tasks_iam_role_policies = local.tasks_iam_role_policies
 
   task_exec_iam_role_policies = {
     policy = var.task_execution_policy_arn

diff --git a/distribution/ecs/quickwit/service/variables.tf b/distribution/ecs/quickwit/service/variables.tf
@@ -38,10 +38,11 @@ variable "quickwit_image" {}
 
 variable "service_config" {
   type = object({
-    desired_count         = optional(number, 1)
-    memory                = number
-    cpu                   = number
-    ephemeral_storage_gib = optional(number, 21)
+    desired_count          = optional(number, 1)
+    memory                 = number
+    cpu                    = number
+    ephemeral_storage_gib  = optional(number, 21)
+    extra_task_policy_arns = optional(list(string), [])
   })
 }
 

diff --git a/distribution/ecs/quickwit/variables.tf b/distribution/ecs/quickwit/variables.tf
@@ -72,10 +72,11 @@ variable "log_configuration" {
 variable "quickwit_indexer" {
   description = "Indexer service sizing configurations"
   type = object({
-    desired_count         = optional(number, 1)
-    memory                = optional(number, 4096)
-    cpu                   = optional(number, 1024)
-    ephemeral_storage_gib = optional(number, 21)
+    desired_count          = optional(number, 1)
+    memory                 = optional(number, 4096)
+    cpu                    = optional(number, 1024)
+    ephemeral_storage_gib  = optional(number, 21)
+    extra_task_policy_arns = optional(list(string), [])
   })
   default = {}
 }