fix: Add ECRReader permission role to beta scanner ecr (#134)

miketnt · web-flow · commit d3f4866ba5f3 · 2022-10-17T16:19:56.000+02:00
Add back both resource and data "ecr_reader" when using beta_scanning
diff --git a/modules/services/cloud-connector-ecs/permissions.tf b/modules/services/cloud-connector-ecs/permissions.tf
@@ -135,14 +135,14 @@ data "aws_iam_policy_document" "task_definition_reader" {
 
 # image scanning - ecr
 resource "aws_iam_role_policy" "ecr_reader" {
-  count  = local.deploy_image_scanning_with_codebuild ? 1 : 0
+  count  = local.deploy_image_scanning ? 1 : 0
   name   = "ECRReader"
   role   = local.ecs_task_role_id
   policy = data.aws_iam_policy_document.ecr_reader[0].json
 }
 
 data "aws_iam_policy_document" "ecr_reader" {
-  count = local.deploy_image_scanning_with_codebuild ? 1 : 0
+  count = local.deploy_image_scanning ? 1 : 0
   statement {
     effect = "Allow"
     actions = [
