update permissions

DSGT-DLP · May 17, 2024 · cb0331b · cb0331b
1 parent 139886f
commit cb0331b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 14 deletions.
diff --git a/dlp-terraform/ecs/ecs_django_service.tf b/dlp-terraform/ecs/ecs_django_service.tf
@@ -10,6 +10,11 @@ resource "aws_iam_role" "django_ecs_task_role" {
 }
 
 data "aws_iam_policy_document" "django_inline_policy" {
+  statement {
+    actions   = ["sqs:SendMessage", "sqs:GetQueueAttributes"]
+    resources = [aws_sqs_queue.training_queue.arn]
+  }
+
   statement {
     actions   = ["secretsmanager:GetSecretValue"]
     resources = ["arn:aws:secretsmanager:us-east-1:521654603461:secret:DLP/Firebase/Admin_SDK-8g8IDn"]
@@ -93,7 +98,7 @@ resource "aws_ecs_service" "django" {
   }
 
   lifecycle {
-    ignore_changes = [desired_count]
+    ignore_changes = [desired_count, task_definition]
   }
 
   load_balancer {

diff --git a/dlp-terraform/ecs/ecs_training_service.tf b/dlp-terraform/ecs/ecs_training_service.tf
@@ -11,13 +11,13 @@ resource "aws_iam_role" "training_ecs_task_role" {
 
 data "aws_iam_policy_document" "training_inline_policy" {
   statement {
-    actions   = ["sqs:ReceiveMessage"]
+    actions   = ["sqs:ReceiveMessage", "sqs:GetQueueAttributes", "sqs:ChangeMessageVisibility"]
     resources = [aws_sqs_queue.training_queue.arn]
   }
 
   statement {
-    actions   = ["s3:ListBucket", "s3:GetObject"]
-    resources = [aws_s3_bucket.s3bucket_executions.arn]
+    actions   = ["s3:GetObject", "s3:PutObject"]
+    resources = [aws_s3_bucket.s3bucket_executions.arn, "${aws_s3_bucket.s3bucket_executions.arn}/*"]
   }
 }
 
@@ -70,16 +70,8 @@ resource "aws_ecs_service" "training" {
   }
 
   lifecycle {
-    ignore_changes = [desired_count]
+    ignore_changes = [desired_count, task_definition]
   }
-
-  # load_balancer {
-  #   target_group_arn = aws_lb_target_group.app.arn
-  #   container_name = "training"
-  #   container_port = 8000
-  # }
-
-  # depends_on = [aws_lb_target_group.app]
 }
 
 # --- ECS Service Auto Scaling ---

diff --git a/frontend/next.config.js b/frontend/next.config.js
@@ -25,7 +25,7 @@ const nextConfig = {
       source: "/api/training/:path*",
       destination:
         process.env.ENVIRONMENT === "production"
-          ? "http://alb-785155211.us-east-1.elb.amazonaws.com/api/:path*" // note, this url changes every time you destroy/apply Terraform
+          ? "http://alb-1805434018.us-east-1.elb.amazonaws.com/api/:path*" // note, this url changes every time you destroy/apply Terraform
           : "http://127.0.0.1:8000/api/:path*",
     },
   ],