codepipeline: EcsDeployAction missing ecs:TagResource

[pahud]

Describe the bug

According to the document, ecs:TagResource is required for the role but missing in our code:

aws-cdk/packages/aws-cdk-lib/aws-codepipeline-actions/lib/ecs/deploy-action.ts

Lines 84 to 92 in f0383d6

	options.role.addToPolicy(new iam.PolicyStatement({
	actions: [
	'ecs:DescribeServices',
	'ecs:DescribeTaskDefinition',
	'ecs:DescribeTasks',
	'ecs:ListTasks',
	'ecs:RegisterTaskDefinition',
	'ecs:UpdateService',
	],

Expected Behavior

The correct policy statement should be updated:

{
    "Effect": "Allow",
    "Action": [
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:RegisterTaskDefinition",
        "ecs:TagResource",
        "ecs:UpdateService"
    ],
    "Resource": "resource_ARN"
},

Current Behavior

missing ecs:TagResource

Reproduction Steps

N/A

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.131.0

Framework Version

No response

Node.js Version

all versions

OS

all

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

internal tracking V1285811012

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.