in infra/ecs-service/construct/ecs-infra-const.ts [140:166]
/**
 * Creates an IAM role that the ECS tasks service principal
 * (`ecs-tasks.amazonaws.com`) can assume, and attaches two allow statements:
 * one for pulling images from ECR and one for writing CloudWatch Logs events.
 *
 * Security notes for reviewers:
 * - Both statements use `resources: ['*']`. `ecr:GetAuthorizationToken` does
 *   not support resource-level permissions, so the wildcard is required for
 *   that action. The other ECR actions and both `logs:*` actions do accept
 *   resource ARNs.
 * - NOTE(review): for least privilege, consider scoping the layer/image
 *   actions to the service's repository ARN(s) and the log actions to its
 *   log group ARN. Neither value is available inside this method, so doing so
 *   would need them to be passed in by the caller.
 * - The construct id is the fixed string `ExecutionRole`, so the id does not
 *   vary with `baseName`; only the physical role name does.
 *
 * @param baseName Prefix for the physical role name (`<baseName>ExecutionRole`).
 * @returns The role with both policy statements attached.
 */
private createExecutionRole(baseName: string): iam.Role {
  const executionRole = new iam.Role(this, `ExecutionRole`, {
    roleName: `${baseName}ExecutionRole`,
    assumedBy: new iam.ServicePrincipal('ecs-tasks.amazonaws.com')
  });

  // Registry login plus the read-only calls needed to fetch image layers.
  const imagePullActions = [
    "ecr:GetAuthorizationToken",
    "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage"
  ];

  // Log delivery only: no log-group creation or read access is granted.
  const logWriteActions = [
    "logs:CreateLogStream",
    "logs:PutLogEvents"
  ];

  // One statement per action group, added in the original order (ECR, then logs).
  for (const actions of [imagePullActions, logWriteActions]) {
    executionRole.addToPolicy(new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      resources: ['*'],
      actions
    }));
  }

  return executionRole;
}