Merge pull request #189 from ChristopheBougere/iam-pass-role

fix: adding 'iam:PassRole' permission for ECS

Author: theburningmonk

lib/deploy/stepFunctions/compileIamRole.js

@@ -100,7 +100,7 @@ function getGluePermissions() {
 
 function getEcsPermissions() {
   return [{
-    action: 'ecs:RunTask,ecs:StopTask,ecs:DescribeTasks',
+    action: 'ecs:RunTask,ecs:StopTask,ecs:DescribeTasks,iam:PassRole',
     resource: '*',
   }, {
     action: 'events:PutTargets,events:PutRule,events:DescribeRule',

lib/deploy/stepFunctions/compileIamRole.test.js

@@ -663,7 +663,7 @@ describe('#compileIamRole', () => {
       .Properties.Policies[0].PolicyDocument.Statement;
 
     const ecsPermissions = statements.filter(s =>
-      _.isEqual(s.Action, ['ecs:RunTask', 'ecs:StopTask', 'ecs:DescribeTasks'])
+      _.isEqual(s.Action, ['ecs:RunTask', 'ecs:StopTask', 'ecs:DescribeTasks', 'iam:PassRole'])
     );
     expect(ecsPermissions).to.have.lengthOf(1);
     expect(ecsPermissions[0].Resource).to.equal('*');