debug

Bayer-Group · Jun 5, 2024 · 5cdac3d · 5cdac3d
1 parent 5d34551
commit 5cdac3d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/bclaw_runner/src/runner/qc_check.py b/bclaw_runner/src/runner/qc_check.py
@@ -8,6 +8,7 @@
 
 
 def run_qc_checks(checks: list) -> None:
+    logger.info("starting QC checks")
     for item in checks:
         qc_file = item["qc_result_file"]
         logger.info(f"{qc_file=}")
@@ -17,7 +18,8 @@ def run_qc_checks(checks: list) -> None:
 
         for qc_expression in item["stop_early_if"]:
             run_qc_check(qc_data, qc_expression)
-            # pass
+
+    logger.info("QC checks finished")
 
 
 def run_qc_check(qc_data: dict, qc_expression: str) -> None:

diff --git a/cloudformation/bc_ecs_task_role.yaml b/cloudformation/bc_ecs_task_role.yaml
@@ -46,38 +46,49 @@ Resources:
       PolicyDocument:
         Version: "2012-10-17"
         Statement:
-          - Effect: "Allow"
+          - Sid: "write logs"
+            Effect: "Allow"
             Action:
               - "logs:CreateLogStream"
               - "logs:PutLogEvents"
             Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*"
-          - Effect: "Allow"
+          - Sid: "s3 bucket access"
+            Effect: "Allow"
             Action:
               - "s3:ListBucket"
             Resource: "arn:aws:s3:::*"
-          - Effect: "Allow"
+          - Sid: "s3 object access"
+            Effect: "Allow"
             Action:
               - "s3:PutObject"
               - "s3:GetObject"
               - "s3:PutObjectAcl"
               - "s3:AbortMultipartUpload"
             Resource: "arn:aws:s3:::*/*"
-          - Effect: "Allow"
+          - Sid: "delete s3 control objects"
+            Effect: "Allow"
             Action:
               - "s3:DeleteObject"
             Resource: "arn:aws:s3:::*/_control_/*"
-          - Effect: "Allow"
+          - Sid: "ecr access"
+            Effect: "Allow"
             Action:
               - "ecr:GetAuthorizationToken"
               - "ecr:BatchCheckLayerAvailability"
               - "ecr:GetDownloadUrlForLayer"
               - "ecr:BatchGetImage"
             Resource: "*"
-          - Effect: "Allow"
+          - Sid: "ec2 instance tagging"
+            Effect: "Allow"
             Action:
               - "ec2:CreateTags"
               - "ec2:DeleteTags"
             Resource: "*"
+          - Sid: "terminate state machine execution"
+            Effect: "Allow"
+            Action:
+              - "states:StopExecution"
+            Resource: "*"
 
 Outputs:
   EcsTaskRoleArn: