Configurable task execution role

Configurable task execution role https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
2018-04-21 00:40:32 +02:00
parent bb5dbdbd6e
commit 0a1acbc78e
5 changed files with 15 additions and 0 deletions
--- a/providers/aws/fargate/cluster.go
+++ b/providers/aws/fargate/cluster.go
@@ -20,6 +20,7 @@ type ClusterConfig struct {
 	Subnets                 []string
 	SecurityGroups          []string
 	AssignPublicIPv4Address bool
+	ExecutionRoleArn        string
 	PlatformVersion         string
 }

@@ -32,6 +33,7 @@ type Cluster struct {
 	subnets                 []string
 	securityGroups          []string
 	assignPublicIPv4Address bool
+	executionRoleArn        string
 	platformVersion         string
 	pods                    map[string]*Pod
 	sync.RWMutex
@@ -65,6 +67,7 @@ func NewCluster(config *ClusterConfig) (*Cluster, error) {
 		subnets:                 config.Subnets,
 		securityGroups:          config.SecurityGroups,
 		assignPublicIPv4Address: config.AssignPublicIPv4Address,
+		executionRoleArn:        config.ExecutionRoleArn,
 		platformVersion:         config.PlatformVersion,
 		pods:                    make(map[string]*Pod),
 	}
--- a/providers/aws/fargate/pod.go
+++ b/providers/aws/fargate/pod.go
@@ -80,6 +80,10 @@ func NewPod(cluster *Cluster, pod *corev1.Pod) (*Pod, error) {
 		ContainerDefinitions:    []*ecs.ContainerDefinition{},
 	}

+	if cluster.executionRoleArn != "" {
+		taskDef.ExecutionRoleArn = aws.String(cluster.executionRoleArn)
+	}
+
 	// For each container in the pod...
 	for _, containerSpec := range pod.Spec.Containers {
 		// Create a container definition.