Configurable task execution role

Configurable task execution role
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html

providers/aws/config.go

@@ -41,6 +41,7 @@ type providerConfig struct {
 	Subnets                 []string
 	SecurityGroups          []string
 	AssignPublicIPv4Address bool
+	ExecutionRoleArn        string
 	PlatformVersion         string
 	OperatingSystem         string
 	CPU                     string
@@ -131,6 +132,7 @@ func (p *FargateProvider) loadConfig(r io.Reader) error {
 
 	p.clusterName = config.ClusterName
 	p.assignPublicIPv4Address = config.AssignPublicIPv4Address
+	p.executionRoleArn = config.ExecutionRoleArn
 	p.platformVersion = config.PlatformVersion
 	p.operatingSystem = config.OperatingSystem
 	p.capacity.cpu = config.CPU

providers/aws/fargate.toml

@@ -24,6 +24,10 @@ SecurityGroups = ["sg-12345678", "sg-87654321"]
 # Whether pod ENIs are assigned a public IPv4 address. Optional. Defaults to false.
 AssignPublicIPv4Address = false
 
+# Role assumed by AWS Fargate to execute your task. Optional.
+# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
+ExecutionRoleArn = ""
+
 # Fargate platform version. Optional. Defaults to "LATEST".
 # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html
 PlatformVersion = "LATEST"

providers/aws/fargate/cluster.go

@@ -20,6 +20,7 @@ type ClusterConfig struct {
 	Subnets                 []string
 	SecurityGroups          []string
 	AssignPublicIPv4Address bool
+	ExecutionRoleArn        string
 	PlatformVersion         string
 }
 
@@ -32,6 +33,7 @@ type Cluster struct {
 	subnets                 []string
 	securityGroups          []string
 	assignPublicIPv4Address bool
+	executionRoleArn        string
 	platformVersion         string
 	pods                    map[string]*Pod
 	sync.RWMutex
@@ -65,6 +67,7 @@ func NewCluster(config *ClusterConfig) (*Cluster, error) {
 		subnets:                 config.Subnets,
 		securityGroups:          config.SecurityGroups,
 		assignPublicIPv4Address: config.AssignPublicIPv4Address,
+		executionRoleArn:        config.ExecutionRoleArn,
 		platformVersion:         config.PlatformVersion,
 		pods:                    make(map[string]*Pod),
 	}

providers/aws/fargate/pod.go

@@ -80,6 +80,10 @@ func NewPod(cluster *Cluster, pod *corev1.Pod) (*Pod, error) {
 		ContainerDefinitions:    []*ecs.ContainerDefinition{},
 	}
 
+	if cluster.executionRoleArn != "" {
+		taskDef.ExecutionRoleArn = aws.String(cluster.executionRoleArn)
+	}
+
 	// For each container in the pod...
 	for _, containerSpec := range pod.Spec.Containers {
 		// Create a container definition.

providers/aws/provider.go

@@ -31,6 +31,7 @@ type FargateProvider struct {
 	clusterName             string
 	capacity                capacity
 	assignPublicIPv4Address bool
+	executionRoleArn        string
 	platformVersion         string
 	lastTransitionTime      time.Time
 }
@@ -84,6 +85,7 @@ func NewFargateProvider(
 		Subnets:                 p.subnets,
 		SecurityGroups:          p.securityGroups,
 		AssignPublicIPv4Address: p.assignPublicIPv4Address,
+		ExecutionRoleArn:        p.executionRoleArn,
 		PlatformVersion:         p.platformVersion,
 	}