From 0895736ba4b2df41f891854a984373d6d5a7587d Mon Sep 17 00:00:00 2001
From: Gezi-lzq
Date: Tue, 21 Oct 2025 20:06:30 +0800
Subject: [PATCH 1/3] feat: add FSx permissions to role policy for file system management
---
 tpls/automq_byoc_role_policy.json.tpl | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/tpls/automq_byoc_role_policy.json.tpl b/tpls/automq_byoc_role_policy.json.tpl
index 0401ffc..5472e13 100644
--- a/tpls/automq_byoc_role_policy.json.tpl
+++ b/tpls/automq_byoc_role_policy.json.tpl
@@ -110,6 +110,24 @@
 "arn:aws:s3:::${automq_data_bucket}/*",
 "arn:aws:s3:::${automq_ops_bucket}/*"
 ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "fsx:CreateFileSystem",
+ "fsx:DeleteFileSystem",
+ "fsx:CreateStorageVirtualMachine",
+ "fsx:TagResource",
+ "fsx:DescribeStorageVirtualMachines",
+ "fsx:UpdateVolume",
+ "fsx:DescribeFileSystems",
+ "fsx:DeleteStorageVirtualMachine",
+ "fsx:UpdateFileSystem",
+ "fsx:CreateVolume",
+ "fsx:DescribeVolumes",
+ "fsx:DeleteVolume"
+ ],
+ "Resource": "*"
 }
 ]
 }
\ No newline at end of file
From 877c5a8b0f9162d303944c5993d760215e027413 Mon Sep 17 00:00:00 2001
From: Gezi-lzq
Date: Tue, 21 Oct 2025 20:11:04 +0800
Subject: [PATCH 2/3] feat: add EC2 DescribeRouteTables action to role policy for FSx management
---
 tpls/automq_byoc_role_policy.json.tpl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tpls/automq_byoc_role_policy.json.tpl b/tpls/automq_byoc_role_policy.json.tpl
index 5472e13..04fc1b9 100644
--- a/tpls/automq_byoc_role_policy.json.tpl
+++ b/tpls/automq_byoc_role_policy.json.tpl
@@ -114,6 +114,7 @@
 {
 "Effect": "Allow",
 "Action": [
+ "ec2:DescribeRouteTables",
 "fsx:CreateFileSystem",
 "fsx:DeleteFileSystem",
 "fsx:CreateStorageVirtualMachine",
From 696b7acb22fb60238b593d01aca0ce11102c7b2f Mon Sep 17 00:00:00 2001
From: Gezi-lzq
Date: Tue, 21 Oct 2025 20:28:38 +0800
Subject: [PATCH 3/3] feat: allow custom AMI usage in console AMI data source
---
 aws.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
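Review bot: The new statement grants `fsx:DeleteFileSystem`, `fsx:DeleteVolume`, `fsx:DeleteStorageVirtualMachine` and the update actions on `"Resource": "*"`, so the role can modify or delete every FSx file system in the account rather than only the ones this deployment creates; the S3 statement just above it is scoped to the `${automq_data_bucket}` and `${automq_ops_bucket}` ARNs. I would split it in two: keep the three `fsx:Describe*` actions on `*`, and move the create, update and delete actions into a statement with a tag condition such as `"Condition": {"StringEquals": {"aws:ResourceTag/<TAG_KEY>": "<TAG_VALUE>"}}` (placeholders for whatever tag the deployment already applies), with the matching `aws:RequestTag/<TAG_KEY>` condition on the create calls. `fsx:TagResource` needs the same condition, because an unconditional tagging grant would let the role put that tag on a file system it does not own and then satisfy the check. A `Sid` on the statement would also make the grant easier to audit.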
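Review bot: `ec2:DescribeRouteTables` is added to the statement that holds the FSx create, update and delete actions, which ties a read-only EC2 call to that statement's `Resource` and to any condition it gets later. EC2 `Describe*` actions do not support resource-level permissions, so this entry only works while the statement stays on `"Resource": "*"`; narrowing the FSx grant would silently break it. I would move the line into a read-only statement of its own, or into an existing EC2 describe statement if the template has one outside this hunk. The statement continues past the end of the hunk.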
diff --git a/aws.tf b/aws.tf
index 5992e4a..cc794cb 100644
--- a/aws.tf
+++ b/aws.tf
@@ -183,7 +183,7 @@ locals {
 data "aws_ami" "console_ami" {
 most_recent = true
- owners = ["730389100204"]
+ owners = var.use_custom_ami ? ["self"] : ["730389100204"]
 filter {
 name = "name"
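Review bot: With `owners = ["self"]` and `most_recent = true`, the data source returns the newest image in the deploying account whose name matches the filter, so any principal able to register or copy an AMI with a matching name decides what the console instance boots. The vendor branch is pinned to account `730389100204`; the custom branch has no equivalent pin. I would select the custom image by ID through a dedicated input variable instead of by name and recency, or at least add a comment such as `# "self": any AMI in this account matching the name filter is trusted`. The declaration of `var.use_custom_ami` and the filter values are outside the hunk, so confirm that the variable defaults to `false` and that the name pattern is narrow.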