AWS Security ChangesHomeSearch

AWS AmazonECR medium security documentation change

Service: AmazonECR · 2025-04-11 · Security-related medium

File: AmazonECR/latest/userguide/image-push-iam.md

Summary

Modified IAM policy example to restrict resource from wildcard (*) to specific repository ARN pattern

Security assessment

Change demonstrates principle of least privilege by narrowing IAM permissions from wildcard to specific resources, which is a security best practice

Diff

diff --git a/AmazonECR/latest/userguide/image-push-iam.md b/AmazonECR/latest/userguide/image-push-iam.md
index 882631e1b..a5974b324 100644
--- a//AmazonECR/latest/userguide/image-push-iam.md
+++ b//AmazonECR/latest/userguide/image-push-iam.md
@@ -11 +11 @@ A user must authenticate to each Amazon ECR registry they want to push images to
-You can also create a your own IAM policies. The following IAM policy grants the required permissions for pushing an image to a specific repository. The repository must be specified as a full Amazon Resource Name (ARN).
+You can also create a your own IAM policies. The following IAM policy grants the required permissions for pushing an image to a specific repository. To limit the permissions for a specific repository, use the full Amazon Resource Name (ARN) of the repository.
@@ -53 +53 @@ The following IAM policy grants the required permissions for pushing an image to
-                "Resource": "*"
+                 "Resource": "arn:aws:ecr:region:111122223333:repository/*"