Merge branch 'dev' into prod

Sage-Bionetworks-Workflows · Jul 17, 2023 · 0398156 · 0398156
2 parents fec1923 + 9b0bbd9
commit 0398156
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/config/config.yaml b/config/config.yaml
@@ -3,7 +3,7 @@ profile: {{ var.profile | default() }}
 region: {{ var.region | default("us-east-1") }}
 aws_infra_templates_root_url: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra
 admincentral_cf_bucket: bootstrap-awss3cloudformationbucket-19qromfd235z9
-tower_version: v22.4.1
+tower_version: v23.1.3
 default_stack_tags:
   Department: IBC
   Project: Infrastructure

diff --git a/templates/nextflow-forge-iam-policy.yaml b/templates/nextflow-forge-iam-policy.yaml
@@ -7,7 +7,8 @@ Resources:
       PolicyDocument:
         Version: 2012-10-17
         Statement:
-        - Effect: Allow
+        - Sid: TowerForge0
+          Effect: Allow
           Action:
             - ssm:GetParameters
             - iam:CreateInstanceProfile
@@ -60,6 +61,35 @@ Resources:
             - elasticfilesystem:PutLifecycleConfiguration
             - elasticfilesystem:TagResource
           Resource: "*"
+        - Sid: TowerLaunch0
+          Effect: Allow
+          Action:
+            - s3:Get*
+            - s3:List*
+            - batch:DescribeJobQueues
+            - batch:CancelJob
+            - batch:SubmitJob
+            - batch:ListJobs
+            - batch:DescribeComputeEnvironments
+            - batch:TerminateJob
+            - batch:DescribeJobs
+            - batch:RegisterJobDefinition
+            - batch:DescribeJobDefinitions
+            - ecs:DescribeTasks
+            - ec2:DescribeInstances
+            - ec2:DescribeInstanceTypes
+            - ec2:DescribeInstanceAttribute
+            - ecs:DescribeContainerInstances
+            - ec2:DescribeInstanceStatus
+            - ec2:DescribeImages
+            - logs:Describe*
+            - logs:Get*
+            - logs:List*
+            - logs:StartQuery
+            - logs:StopQuery
+            - logs:TestMetricFilter
+            - logs:FilterLogEvents
+          Resource: "*"
 Outputs:
   NextFlowForgePolicyArn:
     Value: !Ref NextFlowForgePolicy