Allow migration script to assume custom role #28

maxammann · 2025-04-14T09:27:58Z

The IAM user that applies the terraform config in our setup does not directly have permission to run the migrate.sh script.

It lacks:

      "application-autoscaling:*",
      "ec2:*",
      "ecs:*", # RunTask
      "iam:PassRole",

It would be great if we could let the executing user assume a role instead of giving permission directly.

I envision that the migration config in this TF module would allow to set an assume_role which is assumed before executing the migrate.sh script.

The text was updated successfully, but these errors were encountered:

harrisonravazzolo · 2025-04-21T01:22:16Z

Hey @maxammann - check out this PR we are testing. #31

zayhanlon · 2025-05-27T17:28:48Z

assigning to @BCTBB to provide a final test, review with @edwardsb and then merge

edwardsb mentioned this issue Apr 20, 2025

migrations assume role support #31

Open

kc9wwh added this to 🌦️ :help-customers May 16, 2025

github-project-automation bot moved this to 📨 New requests in 🌦️ :help-customers May 16, 2025

zayhanlon assigned BCTBB May 27, 2025

zayhanlon added the :help-customers Issues for the customer success team label May 27, 2025

zayhanlon moved this from 📨 New requests to 🍳 Needs follow-up in 🌦️ :help-customers May 27, 2025

Provide feedback