AWS braket documentation change
Summary
Phrasing improvements and clarification about ECR repository permissions
Security assessment
While the ECR policy guidance emphasizes least-privilege access, this is existing security best practice reinforcement rather than new security documentation. The changes are primarily grammatical ('in order to' -> 'to').
Diff
diff --git a/braket/latest/developerguide/bring-own-container-recipe.md b/braket/latest/developerguide/bring-own-container-recipe.md index 2245ae042..cb3163e13 100644 --- a//braket/latest/developerguide/bring-own-container-recipe.md +++ b//braket/latest/developerguide/bring-own-container-recipe.md @@ -9 +9 @@ A base image for your Dockerfile(Optional) A modified container entry point scri -In this section, we provide a step-by-step guide of what you’ll need to bring your own container (BYOC) to Braket Hybrid Jobs — the scripts, files, and steps to combine them in order to get up and running with your custom Docker images. We provide recipes for two common cases: +In this section, we provide a step-by-step guide of what you’ll need to bring your own container (BYOC) to Braket Hybrid Jobs — the scripts, files, and steps to combine them to get up and running with your custom Docker images. We provide recipes for two common cases: @@ -188 +188 @@ For the sample file defined above, you could run: -Braket Hybrid Jobs Docker images must be hosted in private Amazon ECR repositories. By default, a private Amazon ECR repo does **not** provide read access to the Braket Hybrid Jobs IAM role or to any other users that want to use your image, such as a collaborator or student. You must [set a repository policy](https://docs.aws.amazon.com/AmazonECR/latest/userguide/set-repository-policy.html) in order to grant the appropriate permissions. In general, only give permission to those specific users and IAM roles you want to access your images, rather than allowing anyone with the image URI to pull them. +Braket Hybrid Jobs Docker images must be hosted in private Amazon ECR repositories. By default, a private Amazon ECR repo does **not** provide read access to the Braket Hybrid Jobs IAM role or to any other users that want to use your image, such as a collaborator or student. You must [set a repository policy](https://docs.aws.amazon.com/AmazonECR/latest/userguide/set-repository-policy.html) to grant the appropriate permissions. In general, only give permission to those specific users and IAM roles you want to access your images, rather than allowing anyone with the image URI to pull them.