make the policy more flexible

briskt · briskt · commit 80d81a14f033 · 2025-11-25T15:12:01.000+08:00
Strip any task definition version, if provided, then add ":*" to the end. This should work whether the variable has an asterisk, a number, or neither.
diff --git a/main.tf b/main.tf
@@ -40,7 +40,7 @@ resource "aws_iam_role_policy" "this" {
       {
         Effect   = "Allow"
         Action   = "ecs:RunTask"
-        Resource = replace(var.task_definition_arn, "/:\\d+$/", ":*")
+        Resource = "${replace(var.task_definition_arn, "/:\\d+$/", "")}:*"
       },
     ]
   })

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ resource "aws_iam_role_policy" "this" {`
`40`	`40`	`{`
`41`	`41`	`Effect = "Allow"`
`42`	`42`	`Action = "ecs:RunTask"`
`43`		`- Resource = replace(var.task_definition_arn, "/:\\d+$/", ":*")`
	`43`	`+ Resource = "${replace(var.task_definition_arn, "/:\\d+$/", "")}:*"`
`44`	`44`	`},`
`45`	`45`	`]`
`46`	`46`	`})`