AWS codepipeline documentation change
Summary
Added 'Service role permissions: Amazon ECR action' section with ECR DescribeImages permission
Security assessment
Documents required permissions for ECR image inspection as part of security configuration, not a vulnerability fix
Diff
diff --git a/codepipeline/latest/userguide/action-reference-ECR.md b/codepipeline/latest/userguide/action-reference-ECR.md index ca38f0487..286414bb7 100644 --- a/codepipeline/latest/userguide/action-reference-ECR.md +++ b/codepipeline/latest/userguide/action-reference-ECR.md @@ -5 +5 @@ -Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesAction declaration (Amazon ECR example)See also +Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesService role permissions: Amazon ECR actionAction declaration (Amazon ECR example)See also @@ -30,0 +31,2 @@ You must have already created an Amazon ECR repository and pushed an image befor + * Service role permissions: Amazon ECR action + @@ -119,0 +122,15 @@ The URI for the image. +## Service role permissions: Amazon ECR action + +For Amazon ECR support, add the following to your policy statement: + + + { + "Effect": "Allow", + "Action": [ + "ecr:DescribeImages" + ], + "Resource": "resource_ARN" + }, + +For more information about this action, see [Amazon ECR source action reference](./action-reference-ECR.html). +