Skip to content

Commit 3b5ca4e

Browse files
yanbasicyanbasic
authored
fix: fix for CN region deployment (#105)
* fix: fix for CN region deployment * fix: fix for CVE
1 parent 1fe8197 commit 3b5ca4e

File tree

1 file changed

+11
-1
lines changed

1 file changed

+11
-1
lines changed

src/emd/cfn/shared/ecs_cluster.yaml

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ Parameters:
2020
Conditions:
2121
DeployAPIRouterCondition: !Not [!Equals [!Ref APIRouterImageURI, ""]]
2222
UseSpotCondition: !Equals [!Ref UseSpot, "yes"]
23+
IsChinaRegionCondition: !Or
24+
- !Equals [!Ref "AWS::Region", "cn-north-1"]
25+
- !Equals [!Ref "AWS::Region", "cn-northwest-1"]
2326

2427
Resources:
2528
ECSCluster:
@@ -251,7 +254,10 @@ Resources:
251254
Statement:
252255
- Effect: Allow
253256
Principal:
254-
Service: [ecs-tasks.amazonaws.com]
257+
Service:
258+
- ecs-tasks.amazonaws.com
259+
- application-autoscaling.amazonaws.com
260+
- !If [IsChinaRegionCondition, "application-autoscaling.amazonaws.com.cn", !Ref "AWS::NoValue"]
255261
Action: ['sts:AssumeRole']
256262
Path: /
257263
Policies:
@@ -267,6 +273,10 @@ Resources:
267273
- 'ecr:BatchGetImage'
268274
- 'logs:CreateLogStream'
269275
- 'logs:PutLogEvents'
276+
- 'ecs:UpdateService'
277+
- 'ecs:DescribeServices'
278+
- 'cloudwatch:DescribeAlarms'
279+
- 'cloudwatch:PutMetricAlarm'
270280
Resource: '*'
271281

272282
APIRouterTaskRole:

0 commit comments

Comments
 (0)