Support pull from ECR

close #58

Signed-off-by: Nicolas De Loof <[email protected]>

ecs/pkg/amazon/cloudformation.go

@@ -120,6 +120,7 @@ func (c client) Convert(project *compose.Project) (*cloudformation.Template, err
 			Policies:                 rolePolicies,
 			ManagedPolicyArns: []string{
 				ECSTaskExecutionPolicy,
+				ECRReadOnlyPolicy,
 			},
 		}
 		template.Resources[taskDefinition] = definition

ecs/pkg/amazon/iam.go

@@ -2,6 +2,7 @@ package amazon
 
 const (
 	ECSTaskExecutionPolicy = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+	ECRReadOnlyPolicy      = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 
 	ActionGetSecretValue = "secretsmanager:GetSecretValue"
 	ActionGetParameters  = "ssm:GetParameters"

ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden

@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"

ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden

@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"