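# Creates the IAM task role for the ECS bastion task, creates a
# customer-managed policy granting the four ssmmessages channel actions,
# and attaches that policy to the role.
#
# Usage: set ACCOUNT_ID (12-digit AWS account ID) in the environment or edit
# the default below, then run with credentials that may call
# iam:CreateRole, iam:CreatePolicy and iam:AttachRolePolicy.
#
# Outputs: the JSON responses of the aws CLI, then "Done!" and the role ARN.

# Stop at the first failed AWS call so "Done!" is never printed after a
# partial setup (e.g. role created but policy rejected); -u catches typos
# in variable names.
set -eu

# The environment value wins, so the account ID does not have to be
# committed to the file; the placeholder is kept as the fallback.
ACCOUNT_ID=${ACCOUNT_ID:-xxxxxxxxxxxxxx}
TASK_ROLE_NAME=ecsBastionTaskRole
POLICY_NAME=ecsBastionTaskPolicy

# Refuse to run with the placeholder or a malformed ID: otherwise the role
# would be created and the script would only fail later, when the policy
# ARN built from ACCOUNT_ID is used for the attachment.
case $ACCOUNT_ID in
  [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
  *)
    printf 'ACCOUNT_ID must be a 12-digit AWS account ID, got: %s\n' \
      "$ACCOUNT_ID" >&2
    exit 1
    ;;
esac

# Trust policy: only the ECS tasks service principal may assume the role.
# NOTE(review): there is no Condition block. Consider restricting the trust
# with aws:SourceAccount (and aws:SourceArn) so the service can assume the
# role only on behalf of this account (confused-deputy hardening).
aws iam create-role \
  --role-name "$TASK_ROLE_NAME" \
  --assume-role-policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}'

# Permissions policy: the ssmmessages control/data channel actions only.
# The trailing comma after the last action was removed; with it the
# document is not valid JSON and the policy cannot be created.
# NOTE(review): the Sid "AllowObjectAccess" is only a label and does not
# describe these actions; "Resource": "*" is kept as written - confirm that
# these actions cannot be scoped to a narrower resource before tightening.
aws iam create-policy \
  --policy-name "$POLICY_NAME" \
  --policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowObjectAccess",
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}'

aws iam attach-role-policy \
  --role-name "$TASK_ROLE_NAME" \
  --policy-arn "arn:aws:iam::$ACCOUNT_ID:policy/$POLICY_NAME"

echo "Done!"
# Print the full role ARN; the "arn:" prefix was missing, so the printed
# value could not be pasted into a task definition as-is.
echo "arn:aws:iam::$ACCOUNT_ID:role/$TASK_ROLE_NAME"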