AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2025-03-30 · Documentation low

File: codepipeline/latest/userguide/action-reference-ECR.md

Summary

Added 'Service role permissions: Amazon ECR action' section with ECR DescribeImages permission

Security assessment

Documents required permissions for ECR image inspection as part of security configuration, not a vulnerability fix

Diff

diff --git a/codepipeline/latest/userguide/action-reference-ECR.md b/codepipeline/latest/userguide/action-reference-ECR.md
index ca38f0487..286414bb7 100644
--- a/codepipeline/latest/userguide/action-reference-ECR.md
+++ b/codepipeline/latest/userguide/action-reference-ECR.md
@@ -5 +5 @@
-Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesAction declaration (Amazon ECR example)See also
+Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesService role permissions: Amazon ECR actionAction declaration (Amazon ECR example)See also
@@ -30,0 +31,2 @@ You must have already created an Amazon ECR repository and pushed an image befor
+  * Service role permissions: Amazon ECR action
+
@@ -119,0 +122,15 @@ The URI for the image.
+## Service role permissions: Amazon ECR action
+
+For Amazon ECR support, add the following to your policy statement:
+    
+    
+    {
+        "Effect": "Allow",
+        "Action": [
+            "ecr:DescribeImages"
+        ],
+        "Resource": "resource_ARN"
+    },
+
+For more information about this action, see [Amazon ECR source action reference](./action-reference-ECR.html).
+