From 47f38ab049e41c80751fc1bb23cc1366f73292ae Mon Sep 17 00:00:00 2001
From: James Green
Date: Tue, 3 Dec 2024 11:19:39 +0000
Subject: [PATCH 1/2] added permissions for AWS Sessions manager to be allowed to connect with ECS DNS tasks

---
 modules/dns/ecs.tf | 1 +
 modules/dns_dhcp_common/iam.tf | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/dns/ecs.tf b/modules/dns/ecs.tf
index 56a927d3..f009c182 100644
--- a/modules/dns/ecs.tf
+++ b/modules/dns/ecs.tf
@@ -16,6 +16,7 @@ resource "aws_ecs_service" "service" {
 desired_count = 5
 launch_type = "FARGATE"
 tags = var.tags
+ enable_execute_command = true
 
 lifecycle {
 ignore_changes = [desired_count]
diff --git a/modules/dns_dhcp_common/iam.tf b/modules/dns_dhcp_common/iam.tf
index 4635a9e2..16591806 100644
--- a/modules/dns_dhcp_common/iam.tf
+++ b/modules/dns_dhcp_common/iam.tf
@@ -77,7 +77,16 @@ resource "aws_iam_role_policy" "ecs_task_policy" {
 "cloudwatch:PutMetricData"
 ],
 "Resource": ["*"]
- }
+},{
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": ["*"]
+ }
 ]
 }
 EOF

From 62b14ef62974bcfba3de1b49179572b5e883cf6f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 11:23:57 +0000
Subject: [PATCH 2/2] Commit changes made by code formatters

---
 modules/dns/ecs.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/dns/ecs.tf b/modules/dns/ecs.tf
index f009c182..f22febca 100644
--- a/modules/dns/ecs.tf
+++ b/modules/dns/ecs.tf
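Review bot: `enable_execute_command = true` is hard-coded on the service, so every environment built from this module gets an interactive ECS Exec path into the DNS tasks; consider exposing it as a module input that defaults to false and is switched on only where operators actually need it. Nothing in the hunk sets up session logging — the place for that is an `execute_command_configuration` block inside `configuration` on `aws_ecs_cluster.server_cluster`, which sends exec session activity to CloudWatch Logs or S3 so that use of this access is auditable. Presumably tasks already running will not pick up the exec agent until the service is redeployed, which is worth a line in the commit message or a comment next to the attribute. The `resource "aws_ecs_service" "service"` block starts before the hunk.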
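Review bot: The new statement is added to `aws_iam_role_policy.ecs_task_policy` in the shared `dns_dhcp_common` module, so if that policy is also attached to the DHCP task role (the module name suggests it is, but the attachment is outside the hunk) the DHCP tasks gain the ssmmessages channel permissions even though only the DNS service enables execute command; either scope the statement to the DNS role or note the intent in a comment above the heredoc. `"Resource": ["*"]` is correct for these actions because the ssmmessages API does not support resource-level permissions, which is exactly the kind of fact a reader will question later, so record it: `# ssmmessages:* does not support resource-level permissions; "*" is required for ECS Exec`. As a point of style, `},{` on one line breaks the one-brace-per-line layout used by the rest of the document — write `},` and `{` on separate lines and give the statement a `"Sid"` such as `"EcsExecSsmMessages"` (constructed example) so it is identifiable in access-analyzer and CloudTrail output. The enclosing `resource "aws_iam_role_policy" "ecs_task_policy"` block starts before the hunk.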
@@ -10,12 +10,12 @@ resource "aws_ecs_cluster" "server_cluster" {
 }
 
 resource "aws_ecs_service" "service" {
- name = "${var.prefix}-service"
- cluster = aws_ecs_cluster.server_cluster.id
- task_definition = aws_ecs_task_definition.server_task.arn
- desired_count = 5
- launch_type = "FARGATE"
- tags = var.tags
+ name = "${var.prefix}-service"
+ cluster = aws_ecs_cluster.server_cluster.id
+ task_definition = aws_ecs_task_definition.server_task.arn
+ desired_count = 5
+ launch_type = "FARGATE"
+ tags = var.tags
 enable_execute_command = true
 
 lifecycle {