AWS AmazonECR documentation change
Summary
Replaced inline IAM policy JSON with a reference to the AWS managed policy AmazonElasticContainerRegistryPublicReadOnly
Security assessment
The change promotes using AWS managed policies, which is a security best practice, but does not address a specific vulnerability. Managed policies ensure up-to-date permissions without manual maintenance.
Diff
diff --git a/AmazonECR/latest/public/security_iam_id-based-policy-examples.md b/AmazonECR/latest/public/security_iam_id-based-policy-examples.md index 9a56a4bd4..d2feb66c5 100644 --- a//AmazonECR/latest/public/security_iam_id-based-policy-examples.md +++ b//AmazonECR/latest/public/security_iam_id-based-policy-examples.md @@ -57,20 +57 @@ To ensure that those entities can still use the Amazon ECR console, add the `Ama - - { - "Version": "2012-10-17",&TCX5-2025-waiver; - "Statement": [{ - "Effect": "Allow", - "Action": [ - "ecr-public:GetAuthorizationToken", - "sts:GetServiceBearerToken", - "ecr-public:BatchCheckLayerAvailability", - "ecr-public:GetRepositoryPolicy", - "ecr-public:DescribeRepositories", - "ecr-public:DescribeRegistries", - "ecr-public:DescribeImages", - "ecr-public:DescribeImageTags", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRegistryCatalogData" - ], - "Resource": "*" - }] - } +To view the permissions for this policy, see [AmazonElasticContainerRegistryPublicReadOnly](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonElasticContainerRegistryPublicReadOnly.html) in the _AWS Managed Policy Reference_.