Add permissions for pull request to AWS ECR

mehr74 · mehr74 · commit 399726cd636c · 2024-03-09T13:50:50.000+01:00
diff --git a/ops/repository/iam.tf b/ops/repository/iam.tf
@@ -45,6 +45,7 @@ resource "aws_iam_role" "github_action_role" {
             "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com",
             "token.actions.githubusercontent.com:sub" = [
               "repo:${var.github_owner}/${var.github_repo}:ref:refs/heads/main",
+              "repo:${var.github_owner}/${var.github_repo}:pull_request"
             ]
           }
         }

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ resource "aws_iam_role" "github_action_role" {`
`45`	`45`	`"token.actions.githubusercontent.com:aud" = "sts.amazonaws.com",`
`46`	`46`	`"token.actions.githubusercontent.com:sub" = [`
`47`	`47`	`"repo:${var.github_owner}/${var.github_repo}:ref:refs/heads/main",`
	`48`	`+ "repo:${var.github_owner}/${var.github_repo}:pull_request"`
`48`	`49`	`]`
`49`	`50`	`}`
`50`	`51`	`}`