Skip to content

Commit

Permalink
requested changes
Browse files Browse the repository at this point in the history
  • Loading branch information
tremble committed Feb 22, 2023
1 parent 081403e commit 378c49c
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 16 deletions.
16 changes: 2 additions & 14 deletions aws/policy/security-services.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,23 +31,11 @@ Statement:
- 'arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole'
- 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
- 'arn:aws:iam::aws:policy/service-role/AWSServiceRoleForVPCTransitGateway'
- 'arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole'

# Legacy - We need to backport ansible-collections/community.aws/63 or
# wait until community.aws drops CI support for Ansible 2.9
- Sid: AllowPassRole
Effect: Allow
Action:
- iam:PassRole
Resource:
- 'arn:aws:iam::{{ aws_account_id }}:role/ansible_lambda_role'
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

- Sid: AllowRegionalUnrestrictedResourceActionsWhichIncurNoFees
Effect: Allow
Action:
- iam:ListAccountAliases
- iam:ListPolicies
- iam:ListInstanceProfiles
- iam:GetUser
- acm:ListCertificates
- acm:ListTagsForCertificate
Expand Down Expand Up @@ -143,7 +131,6 @@ Statement:
- iam:GetInstanceProfile
- iam:GetSAMLProvider
- iam:GetServerCertificate
- iam:ListInstanceProfilesForRole
- iam:PassRole
- iam:RemoveRoleFromInstanceProfile
- iam:UpdateSAMLProvider
Expand Down Expand Up @@ -198,3 +185,4 @@ Statement:
- 'transitgateway.amazonaws.com'
- 'network-firewall.amazonaws.com'
- 'ecs.amazonaws.com'
- 'ecs-test.amazonaws.com'
4 changes: 2 additions & 2 deletions aws/terminator/paas.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
from datetime import datetime
from datetime import datetime, timedelta

from . import DbTerminator, Terminator

Expand Down Expand Up @@ -221,7 +221,7 @@ def _paginate_service_results():
class EcsCluster(DbTerminator):
@property
def age_limit(self):
return datetime.timedelta(minutes=30)
return timedelta(minutes=30)

@property
def name(self):
Expand Down

0 comments on commit 378c49c

Please sign in to comment.