diff --git a/bclaw_runner/src/runner/qc_check.py b/bclaw_runner/src/runner/qc_check.py
index e0392f2..7b62519 100644
--- a/bclaw_runner/src/runner/qc_check.py
+++ b/bclaw_runner/src/runner/qc_check.py
@@ -8,6 +8,7 @@ def run_qc_checks(checks: list) -> None:
+ logger.info("starting QC checks")
 for item in checks:
 qc_file = item["qc_result_file"]
 logger.info(f"{qc_file=}")
@@ -17,7 +18,8 @@ def run_qc_checks(checks: list) -> None:
 for qc_expression in item["stop_early_if"]:
 run_qc_check(qc_data, qc_expression)
- # pass
+
+ logger.info("QC checks finished")
 def run_qc_check(qc_data: dict, qc_expression: str) -> None:
diff --git a/cloudformation/bc_ecs_task_role.yaml b/cloudformation/bc_ecs_task_role.yaml
index cb3f69c..89af4a2 100644
--- a/cloudformation/bc_ecs_task_role.yaml
+++ b/cloudformation/bc_ecs_task_role.yaml
@@ -46,38 +46,49 @@ Resources:
 PolicyDocument:
 Version: "2012-10-17"
 Statement:
- - Effect: "Allow"
+ - Sid: "write logs"
+ Effect: "Allow"
 Action:
 - "logs:CreateLogStream"
 - "logs:PutLogEvents"
 Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*"
- - Effect: "Allow"
+ - Sid: "s3 bucket access"
+ Effect: "Allow"
 Action:
 - "s3:ListBucket"
 Resource: "arn:aws:s3:::*"
- - Effect: "Allow"
+ - Sid: "s3 object access"
+ Effect: "Allow"
 Action:
 - "s3:PutObject"
 - "s3:GetObject"
 - "s3:PutObjectAcl"
 - "s3:AbortMultipartUpload"
 Resource: "arn:aws:s3:::*/*"
- - Effect: "Allow"
+ - Sid: "delete s3 control objects"
+ Effect: "Allow"
 Action:
 - "s3:DeleteObject"
 Resource: "arn:aws:s3:::*/_control_/*"
- - Effect: "Allow"
+ - Sid: "ecr access"
+ Effect: "Allow"
 Action:
 - "ecr:GetAuthorizationToken"
 - "ecr:BatchCheckLayerAvailability"
 - "ecr:GetDownloadUrlForLayer"
 - "ecr:BatchGetImage"
 Resource: "*"
- - Effect: "Allow"
+ - Sid: "ec2 instance tagging"
+ Effect: "Allow"
 Action:
 - "ec2:CreateTags"
 - "ec2:DeleteTags"
 Resource: "*"
+ - Sid: "terminate state machine execution"
+ Effect: "Allow"
+ Action:
+ - "states:StopExecution"
+ Resource: "*"
 Outputs:
 EcsTaskRoleArn:
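Review bot: The new `states:StopExecution` statement at the end of the hunk is granted on `Resource: "*"`, so any container running under this task role can stop every Step Functions execution the role can reach, not only the workflow it belongs to. Scoping it to execution ARNs narrows that, e.g. `Resource: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:execution:<STATE_MACHINE_NAME_PREFIX>*:*"`, where the prefix is a placeholder for this project's own naming scheme. Separately, every added `Sid` contains spaces (`"write logs"`, `"s3 bucket access"`, and the rest); IAM identity policies accept only alphanumeric characters in `Sid`, so the policy is likely to be rejected at deploy time unless they are renamed, e.g. `Sid: "writeLogs"`.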