Added ECS Web Task ARN to policy

infrastructure/cloud/environments/sandbox/webapp.tf

@@ -1,9 +1,9 @@
 module "security" {
-  source       = "../../modules/security"
-  environment  = var.environment
-  app_name     = var.app_name
-  kms_key_name = var.kms_key_name
-
+  source                      = "../../modules/security"
+  environment                 = var.environment
+  app_name                    = var.app_name
+  kms_key_name                = var.kms_key_name
+  ecs_web_task_definition_arn = module.container.ecs_web_task_definition_arn
 }
 
 module "storage" {

infrastructure/cloud/modules/container/outputs.tf

@@ -1,3 +1,7 @@
 output "ecr_url" {
   value = try(aws_ecr_repository.ecr_repository.repository_url, "")
 }
+
+output "ecs_web_task_definition_arn" {
+  value = aws_ecs_task_definition.ecs_web_task_definition.arn
+}

infrastructure/cloud/modules/security/iam.tf

@@ -29,6 +29,7 @@ resource "aws_iam_role_policy" "ecs_web_task_execution_policy" {
           "ecr:GetDownloadUrlForLayer",
           "ecr:GetAuthorizationToken"
         ]
+        Resource = var.ecs_web_task_definition_arn
       }
     ]
   })

infrastructure/cloud/modules/security/variables.tf

@@ -15,3 +15,8 @@ variable "kms_key_name" {
   description = "The name of the KMS key to create"
   default     = "jasper-kms-key"
 }
+
+variable "ecs_web_task_definition_arn" {
+  type        = string
+  description = "The ECS Web Task Execution ARN"
+}