authorWill Thames <will@thames.id.au>2018-06-06 19:48:00 +1000
committerWill Thames <will@thames.id.au>2018-06-06 20:51:50 +1000
commita60fe1946c98996355a66e29ea487f96c9d3c629 (patch)
treef6db2b4153970acbf5aea8dc94fd0159d48364bd /hacking/aws_config
parentfbcd6f8a65e40703408ddd483e5a7a8b4f40dc2c (diff)
Remove ECS policies from AWS compute policy
The compute policy was exceeding maximum size and contained policies that already exist in ecs-policy.

Look up suitable AMIs rather than hardcode.

We don't want to maintain multiple image IDs for multiple regions, so use ec2_ami_facts to set a suitable image ID.

Improve exception handling.
Diffstat (limited to 'hacking/aws_config')
-rw-r--r--hacking/aws_config/testing_policies/compute-policy.json46
1 files changed, 0 insertions, 46 deletions
diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json
index c9f31a4062..be4c4d0d51 100644
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@@ -109,29 +109,6 @@
"arn:aws:ec2:{{aws_region}}:{{aws_account}}:*"
]
},
- {
- "Sid": "UnspecifiedCodeRepositories",
- "Effect": "Allow",
- "Action": [
- "ecr:DescribeRepositories",
- "ecr:CreateRepository"
- ],
- "Resource": "*"
- },
- {
- "Sid": "SpecifiedCodeRepositories",
- "Effect": "Allow",
- "Action": [
- "ecr:GetRepositoryPolicy",
- "ecr:SetRepositoryPolicy",
- "ecr:DeleteRepository",
- "ecr:DeleteRepositoryPolicy",
- "ecr:DeleteRepositoryPolicy"
- ],
- "Resource": [
- "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*"
- ]
- },
{# According to http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html #}
{# Resource level access control is not possible for the new ELB API (providing Application Load Balancer functionality #}
{# While it remains possible for the old API, there is no distinction of the Actions between old API and new API #}
@@ -239,29 +216,6 @@
]
},
{
- "Sid": "AllowECSManagement",
- "Effect": "Allow",
- "Action": [
- "application-autoscaling:Describe*",
- "application-autoscaling:PutScalingPolicy",
- "application-autoscaling:RegisterScalableTarget",
- "cloudwatch:DescribeAlarms",
- "cloudwatch:PutMetricAlarm",
- "ecs:CreateCluster",
- "ecs:CreateService",
- "ecs:DeleteCluster",
- "ecs:DeleteService",
- "ecs:Describe*",
- "ecs:DeregisterTaskDefinition",
- "ecs:List*",
- "ecs:RegisterTaskDefinition",
- "ecs:UpdateService"
- ],
- "Resource": [
- "*"
- ]
- },
- {
"Sid": "AllowSESManagement",
"Effect": "Allow",
"Action": [