    self.fargate_execution_role = iam.Role(
        self,
        "GitlabExecutionRole",
        assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
        managed_policies=[
            iam.ManagedPolicy.from_aws_managed_policy_name(
                "service-role/AmazonECSTaskExecutionRolePolicy"
            )
        ],
        inline_policies=self.fargate_execution_role_policies,
    )

How can I specify a resource, bearing in mind the above creates resource: “*”?
For example, I want it to be confined to accountid:resource, of which there may be many. For example, CloudWatch and ECS.
Many thanks
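
An added example, not part of the original post: one way to build inline policy documents whose `Resource` entries are pinned to a single account, plus a check that flags any `Allow` statement still using `"*"` or another account. The account ID, region, log group and cluster names are constructed placeholders, and `scoped_policies` / `unscoped_resources` are hypothetical helper names; each resulting dict can be handed to CDK through `iam.PolicyDocument.from_json`.

```python
# Constructed placeholder values; substitute your own account and region.
ACCOUNT_ID = "111122223333"
REGION = "eu-west-1"


def arn(service, resource, account=ACCOUNT_ID, region=REGION):
    """Build an ARN pinned to one account and region."""
    return f"arn:aws:{service}:{region}:{account}:{resource}"


def scoped_policies(log_group, cluster):
    """Return {policy_name: policy_document} with no wildcard resources."""
    def doc(actions, resources):
        return {
            "Version": "2012-10-17",
            "Statement": [
                {"Effect": "Allow", "Action": actions, "Resource": resources}
            ],
        }

    return {
        # Log streams inside one named log group only.
        "ScopedLogs": doc(
            ["logs:CreateLogStream", "logs:PutLogEvents"],
            [arn("logs", f"log-group:{log_group}:*")],
        ),
        # Tasks belonging to one named cluster only.
        "ScopedEcs": doc(
            ["ecs:DescribeTasks", "ecs:StopTask"],
            [arn("ecs", f"task/{cluster}/*")],
        ),
    }


def unscoped_resources(policy_doc, account=ACCOUNT_ID):
    """List Allow-statement resources that are '*' or not in `account`."""
    findings = []
    for stmt in policy_doc["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        for res in resources:
            parts = res.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) < 6 or parts[4] != account:
                findings.append(res)
    return findings

# In a CDK stack (assumes aws_cdk.aws_iam is imported as iam):
# inline_policies={n: iam.PolicyDocument.from_json(d)
#                  for n, d in scoped_policies("/ecs/gitlab", "gitlab").items()}
```

AWS managed policies cannot be edited, so resource scoping of this kind applies only to statements you write yourself.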