From 92db108a44babcd41fa2644e10ded29f66dc773d Mon Sep 17 00:00:00 2001
From: Joost Veen
Date: Thu, 21 Feb 2019 09:42:31 +0100
Subject: [PATCH] Leveraging AWS managed policy with same functionality instead of inline one
---
 infrastructure/ecs-cluster.yaml | 24 +----------------------
 1 file changed, 1 insertion(+), 23 deletions(-)
diff --git a/infrastructure/ecs-cluster.yaml b/infrastructure/ecs-cluster.yaml
index 7d6969ee..547dba60 100644
--- a/infrastructure/ecs-cluster.yaml
+++ b/infrastructure/ecs-cluster.yaml
@@ -151,29 +151,7 @@ Resources:
 ManagedPolicyArns:
 - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
 - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
- Policies:
- - PolicyName: ecs-service
- PolicyDocument: |
- {
- "Statement": [{
- "Effect": "Allow",
- "Action": [
- "ecs:CreateCluster",
- "ecs:DeregisterContainerInstance",
- "ecs:DiscoverPollEndpoint",
- "ecs:Poll",
- "ecs:RegisterContainerInstance",
- "ecs:StartTelemetrySession",
- "ecs:Submit*",
- "ecr:BatchCheckLayerAvailability",
- "ecr:BatchGetImage",
- "ecr:GetDownloadUrlForLayer",
- "ecr:GetAuthorizationToken"
- ],
- "Resource": "*"
- }]
- }
-
+ - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
 ECSInstanceProfile:
 Type: AWS::IAM::InstanceProfile
 Properties:
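Review bot: The added `AmazonEC2ContainerServiceforEC2Role` entry under `ManagedPolicyArns` is not an exact equivalent of the removed inline `ecs-service` policy: as far as I know the AWS-managed policy also grants `ecs:UpdateContainerInstancesState`, `ec2:DescribeTags`, `logs:CreateLogStream` and `logs:PutLogEvents`, so the instance role's permissions widen slightly with this commit. Because AWS maintains that policy, its contents can change later without any diff in this template, and the broad grant (the removed inline statement used `"Resource": "*"`, including `ecs:CreateCluster`) is presumably carried over rather than narrowed. I would record this next to the entry, e.g. `# AWS-managed superset of the former inline ecs-service policy; AWS may revise it, re-review when the policy version changes`. It is also worth confirming whether containers on these instances can reach the instance-profile credentials, since anything the role can do is then available to every task. The role resource starts above the hunk, so its name and trust policy are not visible here.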