[PRMP-1123] Add environment variables and IAM permissions to ecs task

infrastructure/ecs.tf

@@ -60,6 +60,34 @@ module "ndr-ecs-fargate-ods-update" {
     {
       "name" : "PDS_FHIR_IS_STUBBED",
       "value" : tostring(local.is_sandbox)
+    },
+    {
+      "name" : "LLOYD_GEORGE_BUCKET_NAME",
+      "value" : "${terraform.workspace}-${var.lloyd_george_bucket_name}"
+    },
+    {
+      "name" : "LLOYD_GEORGE_DYNAMODB_NAME",
+      "value" : "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
+    },
+    {
+      "name" : "DOCUMENT_STORE_BUCKET_NAME",
+      "value" : "${terraform.workspace}-${var.docstore_bucket_name}"
+    },
+    {
+      "name" : "DOCUMENT_STORE_DYNAMODB_NAME",
+      "value" : "${terraform.workspace}_${var.docstore_dynamodb_table_name}"
+    },
+    {
+      "name" : "STATISTICAL_REPORTS_BUCKET",
+      "value" : "${terraform.workspace}-${var.statistical_reports_bucket_name}"
+    },
+    {
+      "name" : "STATISTICS_TABLE",
+      "value" : "${terraform.workspace}_${var.statistics_dynamodb_table_name}"
+    },
+    {
+      "name" : "WORKSPACE",
+      "value" : terraform.workspace
     }
   ]
   ecs_container_definition_memory = 512
@@ -74,6 +102,13 @@ resource "aws_iam_role" "ods_weekly_update_task_role" {
   managed_policy_arns = [
     module.lloyd_george_reference_dynamodb_table.dynamodb_policy,
     aws_iam_policy.ssm_access_policy.arn,
+    module.statistics_dynamodb_table.dynamodb_policy,
+    module.statistical-reports-store.s3_object_access_policy,
+    module.ndr-app-config.app_config_policy_arn,
+    module.ndr-lloyd-george-store.s3_list_object_policy,
+    module.ndr-document-store.s3_list_object_policy,
+    module.document_reference_dynamodb_table.dynamodb_policy,
+    aws_iam_policy.cloudwatch_log_query_policy.arn
   ]
   assume_role_policy = jsonencode(
     {