From 9dbc9cefa24e95e822b473c5030af12ae2ee44a5 Mon Sep 17 00:00:00 2001
From: Ryan Jung
Date: Fri, 13 Feb 2026 11:19:53 -0700
Subject: [PATCH] Allow for services with no special exec role policy requirements

---
 tb_pulumi/fargate.py | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/tb_pulumi/fargate.py b/tb_pulumi/fargate.py
index 8b2daca..7d98e5c 100644
--- a/tb_pulumi/fargate.py
+++ b/tb_pulumi/fargate.py
@@ -243,10 +243,10 @@ def __init__(
 opts=pulumi.ResourceOptions(parent=self),
 tags=self.tags,
 )
- for service in services.keys()
+ for service in exec_role_policy_docs.keys()
 }

- # Build the execution roles using the policies from above
+ # Build the execution roles using the policies from above, if they exist
 exec_roles = {
 service: aws.iam.Role(
 f'{name}-execrole-{service}',
@@ -254,12 +254,23 @@ def __init__(
 description=f'Task execution role for running the {service} service for {self.project.name_prefix}',
 assume_role_policy=arp,
 managed_policy_arns=[
- # This AWS managed policy allows access to ECR and log streams
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
- exec_role_policies[service],
+ item
+ for item in [
+ # This AWS managed policy allows access to ECR and log streams
+ 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
+ exec_role_policies[service] if service in exec_role_policies else None,
+ ]
+ if item is not None
 ],
 tags=self.tags,
- opts=pulumi.ResourceOptions(parent=self, depends_on=[exec_role_policies[service]]),
+ opts=pulumi.ResourceOptions(
+ parent=self,
+ depends_on=[
+ item
+ for item in [exec_role_policies[service] if service in exec_role_policies else None]
+ if item is not None
+ ],
+ ),
 )
 for service in services.keys()
 }
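Review bot: Iterating `exec_role_policy_docs.keys()` in the first hunk means a key that matches no entry in `services` (a typo, or a service that was removed) now creates an IAM policy that no role attaches. The service it was meant for then silently gets a role carrying only the AWS managed policy, via the second hunk. Nothing visible here compares the two key sets; a guard before the comprehension such as `unknown = set(exec_role_policy_docs) - set(services)`, raising `ValueError` when `unknown` is non-empty, would surface the mismatch at preview time. If callers may pass `None` or omit `exec_role_policy_docs`, `.keys()` would also raise here; its default is outside the hunk, so that needs confirming. The comprehension starts above the hunk.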
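Review bot: The second hunk builds a list containing `None` and then filters it, once for `managed_policy_arns` and again for `depends_on`, which is harder to read than the condition it encodes on lines that decide what an execution role is granted. A conditional list says the same thing directly: `depends_on=[exec_role_policies[service]] if service in exec_role_policies else []`, and for the ARNs the managed policy ARN followed by `*([exec_role_policies[service]] if service in exec_role_policies else [])`. The comment on the managed policy could also record the new fallback, for example `# Services with no entry in exec_role_policy_docs get only this AWS managed policy (ECR and log streams)`. The enclosing comprehension and `__init__` extend beyond the hunk.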