From 5edf9ce2fb81ffd5667cc0c5f895308d7569a10b Mon Sep 17 00:00:00 2001
From: Szilard Kalosi
Date: Wed, 15 Sep 2021 16:29:56 +0200
Subject: [PATCH 1/2] Adding PassRole for ECS tasks as it is required for Fargate
---
 locals.tf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/locals.tf b/locals.tf
index 9a1d61b..19ac3cc 100644
--- a/locals.tf
+++ b/locals.tf
@@ -250,6 +250,19 @@ locals {
 default_resources = ["*"]
 }
+ iam_PassRole = {
+ actions = [
+ "iam:PassRole"
+ ]
+ condition = [
+ {
+ test = "StringEquals"
+ variable = "iam:PassedToService"
+ values = ["ecs-tasks.amazonaws.com"]
+ }
+ ]
+ }
+
+
 events = {
 actions = [
 "events:PutTargets",
@@ -265,6 +278,19 @@ locals {
 "ecs:RunTask"
 ]
 }
+
+ iam_PassRole = {
+ actions = [
+ "iam:PassRole"
+ ]
+ condition = [
+ {
+ test = "StringEquals"
+ variable = "iam:PassedToService"
+ values = ["ecs-tasks.amazonaws.com"]
+ }
+ ]
+ }
 }
 # https://docs.aws.amazon.com/step-functions/latest/dg/glue-iam.html
From a77e69da032b7059b41ad5393ac239ac46f3f125 Mon Sep 17 00:00:00 2001
From: Szilard Kalosi
Date: Wed, 15 Sep 2021 17:27:21 +0200
Subject: [PATCH 2/2] update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a694134..a8f823c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+- feat: adding PassRole for ECS tasks as it is required for Fargate ([#24](https://github.com/terraform-aws-modules/terraform-aws-step-functions/issues/24))
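Review bot: The new `iam_PassRole` entry, added identically in both `locals.tf` hunks (at -250 and -265), restricts `iam:PassRole` only through the `iam:PassedToService` condition and, unlike the `ecs` entry just above it in the first hunk, sets no `default_resources`. The role ARNs the statement covers are therefore decided entirely by whatever the caller supplies. How the module resolves resources for an entry without a default is outside these hunks; if that can end up as `*`, the state machine role could pass any role that trusts `ecs-tasks.amazonaws.com`, which is wider than the task role and task execution role a Fargate run needs. I would document the expectation on each entry with a comment such as `# resources: ARNs of the task role and task execution role only, never "*"`. The enclosing `locals` block starts and ends outside both hunks.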