From 5f44c5d906b7ad5df8f5ffd7ed149c8084f05d0d Mon Sep 17 00:00:00 2001
From: Frostebite <jas.f.ukcmti@gmail.com>
Date: Sun, 7 Feb 2021 14:19:27 +0000
Subject: [PATCH] unique task def per job

---
 action/task-def-formation.yml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/action/task-def-formation.yml b/action/task-def-formation.yml
index b28743b4..cbb58eea 100644
--- a/action/task-def-formation.yml
+++ b/action/task-def-formation.yml
@@ -87,14 +87,23 @@ Resources:
           - "KinesisStream"
           - "Arn"
   CloudWatchIAMRole:
-    Type: 'AWS::IAM::Role'
+    Type: AWS::IAM::Role
     Properties:
       AssumeRolePolicyDocument:
-        Version: "2012-10-17"
         Statement:
-        - Effect: "Allow"
-          Action: "*"
-          Resource: "*"
+        - Effect: Allow
+          Principal:
+            Service: [logs.*.amazonaws.com]
+          Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+      - PolicyName: service-autoscaling
+        PolicyDocument:
+          Statement:
+          - Effect: Allow
+            Action:
+              - 'kinesis:PutRecord'
+            Resource: '*'
 
   KinesisStream:
     Type: AWS::Kinesis::Stream