AWS AmazonECR documentation change
Summary
Replaced inline IAM policy JSON example with reference to AWS managed policy AmazonElasticContainerRegistryPublicReadOnly
Security assessment
The change promotes using AWS-managed policies over custom policies, which is a security best practice but does not indicate a specific security vulnerability being addressed. Managed policies ensure consistent permissions and reduce misconfiguration risks.
Diff
diff --git a/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.md b/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.md index e0baa3789..8ffda4e46 100644 --- a//AmazonECR/latest/userguide/security_iam_id-based-policy-examples.md +++ b//AmazonECR/latest/userguide/security_iam_id-based-policy-examples.md @@ -55,24 +55 @@ To ensure that those entities can still use the Amazon ECR console, add the `Ama - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRepositoryPolicy", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecr:DescribeImages", - "ecr:BatchGetImage", - "ecr:GetLifecyclePolicy", - "ecr:GetLifecyclePolicyPreview", - "ecr:ListTagsForResource", - "ecr:DescribeImageScanFindings" - ], - "Resource": "*" - } - ] - } +To view the permissions for this policy, see [AmazonElasticContainerRegistryPublicReadOnly](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonElasticContainerRegistryPublicReadOnly.html) in the _AWS Managed Policy Reference_.