fix(infra): grant app runner privileged ssm access

luke-h1 · Jan 2, 2025 · e569017 · e569017
1 parent fbe2ca3
commit e569017
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/terraform/app-runner.tf b/terraform/app-runner.tf
@@ -77,6 +77,8 @@ resource "aws_apprunner_auto_scaling_configuration_version" "scale" {
 
 resource "aws_apprunner_service" "app_runner_service" {
   service_name = var.project_name
+
+
   source_configuration {
 
     auto_deployments_enabled = false
@@ -110,8 +112,9 @@ resource "aws_apprunner_service" "app_runner_service" {
   }
 
   instance_configuration {
-    cpu    = "256"
-    memory = "512"
+    cpu               = "256"
+    memory            = "512"
+    instance_role_arn = aws_iam_role.runner.arn
   }
 
   auto_scaling_configuration_arn = aws_apprunner_auto_scaling_configuration_version.scale.arn
@@ -136,6 +139,26 @@ resource "aws_apprunner_service" "app_runner_service" {
   }
 }
 
+resource "aws_iam_role" "runner" {
+  name = "${var.env}-runner-iam"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "tasks.apprunner.amazonaws.com"
+        }
+      },
+    ]
+  })
+
+  tags = var.tags
+}
+
 resource "aws_apprunner_vpc_connector" "app_runner_vpc_connector" {
   vpc_connector_name = "${var.project_name}-vpc-connector"
   subnets = [