From d3f4866ba5f38b6397ba931ae3d84bd7cdb7b18d Mon Sep 17 00:00:00 2001
From: Miguel Angel Baztan
Date: Mon, 17 Oct 2022 16:19:56 +0200
Subject: [PATCH] fix: Add ECRReader permission role to beta scanner ecr (#134)
Add back both resource and data "ecr_reader" when using beta_scanning
---
 modules/services/cloud-connector-ecs/permissions.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/services/cloud-connector-ecs/permissions.tf b/modules/services/cloud-connector-ecs/permissions.tf
index bc76a20a..c9d262e5 100644
--- a/modules/services/cloud-connector-ecs/permissions.tf
+++ b/modules/services/cloud-connector-ecs/permissions.tf
@@ -135,14 +135,14 @@ data "aws_iam_policy_document" "task_definition_reader" {
 # image scanning - ecr
 resource "aws_iam_role_policy" "ecr_reader" {
- count = local.deploy_image_scanning_with_codebuild ? 1 : 0
+ count = local.deploy_image_scanning ? 1 : 0
 name = "ECRReader"
 role = local.ecs_task_role_id
 policy = data.aws_iam_policy_document.ecr_reader[0].json
 }
 data "aws_iam_policy_document" "ecr_reader" {
- count = local.deploy_image_scanning_with_codebuild ? 1 : 0
+ count = local.deploy_image_scanning ? 1 : 0
 statement {
 effect = "Allow"
 actions = [
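Review bot: The two `count` expressions must stay identical because `policy = data.aws_iam_policy_document.ecr_reader[0].json` indexes the data source unconditionally, so a resource enabled while the data source is not makes the `[0]` index invalid. Nothing in the hunk records that coupling, and the heading `# image scanning - ecr` does not say which scanning modes attach the policy. I would add a comment above the resource such as `# ECRReader is attached whenever local.deploy_image_scanning is true; keep this count identical to data.aws_iam_policy_document.ecr_reader`. The new condition presumably attaches the inline policy to the ECS task role in more deployments than before. The statement's `actions` and `resources` continue outside the hunk, so please confirm they are limited to the read-only ECR calls and repositories the scanner needs rather than `*`.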