skip: Merge branch 'update_iam_per_policy' into feature/policy_testin…

…g_v2

.github/workflows/auto-test.yml

@@ -25,7 +25,7 @@ env:
   TF_BACKEND_STORAGE_NAME: ${{ secrets.TF_BACKEND_STORAGE_NAME }}
   TF_CLI_ARGS: "-no-color"
   AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
-  default_resource_priority_list: '[ "ec2"]'
+  default_resource_priority_list: '[ "ecs"]'
   RED: '\033[0;31m'
 
 permissions:

policies/ecc-aws-494-ecs_fargate_latest_platform_version.yml

@@ -9,9 +9,12 @@ policies:
   - name: ecc-aws-494-ecs_fargate_latest_platform_version
     comment: '010021082000'
     description: |
-      ECS Fargate not latest platform version
+      ECS service with Fargate does not have latest platform version
     resource: ecs-service
     filters:
+      - type: value
+        key: launchType
+        value: FARGATE
       - not:
           - type: value
             key: platformVersion

terraform/ecc-aws-165-ecs_services_public_ip_addresses_not_assigned_automatically/iam/165-policy.json

@@ -3,16 +3,12 @@
     "Statement": [
         {
             "Effect": "Allow",
-            "Action": [ 
-                "ec2:DescribeRegions",
-                "ecs:ListClusters",
-                "ecs:ListContainerInstances",
-                "ecs:DescribeContainerInstances",
-                "ec2:DescribeInstances",
-                "ec2:DescribeVolumes",
-                "ecs:DescribeClusters"
+            "Action": [
+                "ecs:ListServices",
+                "ecs:DescribeServices",
+                "ecs:ListClusters"
             ],
             "Resource": "*"
         }
     ]
-}
+}

terraform/ecc-aws-610-idle_ec2_instance/iam/610-policy.json

@@ -5,7 +5,8 @@
             "Effect": "Allow",
             "Action": [ 
                 "cloudwatch:GetMetricStatistics",
-                "ec2:DescribeInstances"
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags"
             ],
             "Resource": "*"
         }