AWS Security ChangesHomeSearch

AWS AmazonECR documentation change

Service: AmazonECR · 2025-10-16 · Documentation low

File: AmazonECR/latest/public/security_iam_id-based-policy-examples.md

Summary

Replaced inline IAM policy JSON with a reference to the AWS managed policy AmazonElasticContainerRegistryPublicReadOnly

Security assessment

The change promotes using AWS managed policies, which is a security best practice, but does not address a specific vulnerability. Managed policies ensure up-to-date permissions without manual maintenance.

Diff

diff --git a/AmazonECR/latest/public/security_iam_id-based-policy-examples.md b/AmazonECR/latest/public/security_iam_id-based-policy-examples.md
index 9a56a4bd4..d2feb66c5 100644
--- a//AmazonECR/latest/public/security_iam_id-based-policy-examples.md
+++ b//AmazonECR/latest/public/security_iam_id-based-policy-examples.md
@@ -57,20 +57 @@ To ensure that those entities can still use the Amazon ECR console, add the `Ama
-    
-    {
-        "Version": "2012-10-17",&TCX5-2025-waiver;
-        "Statement": [{
-            "Effect": "Allow",
-            "Action": [
-                "ecr-public:GetAuthorizationToken",
-                "sts:GetServiceBearerToken",
-                "ecr-public:BatchCheckLayerAvailability",
-                "ecr-public:GetRepositoryPolicy",
-                "ecr-public:DescribeRepositories",
-                "ecr-public:DescribeRegistries",
-                "ecr-public:DescribeImages",
-                "ecr-public:DescribeImageTags",
-                "ecr-public:GetRepositoryCatalogData",
-                "ecr-public:GetRegistryCatalogData"
-            ],
-            "Resource": "*"
-        }]
-    }
+To view the permissions for this policy, see [AmazonElasticContainerRegistryPublicReadOnly](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonElasticContainerRegistryPublicReadOnly.html) in the _AWS Managed Policy Reference_.