AWS AmazonECR documentation change
Summary
Added JSON policy example allowing cross-account image push permissions
Security assessment
Standard repository policy example update for access control configuration. No indication of resolving security issues or introducing security-focused capabilities.
Diff
diff --git a/AmazonECR/latest/public/public-repository-policy-examples.md b/AmazonECR/latest/public/public-repository-policy-examples.md index c83cf15d1..65102ca48 100644 --- a//AmazonECR/latest/public/public-repository-policy-examples.md +++ b//AmazonECR/latest/public/public-repository-policy-examples.md @@ -58,0 +59,29 @@ The following repository policy allows a specific account to push images. +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "AllowCrossAccountPush", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::111122223333:root" + }, + "Action": [ + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:PutImage", + "ecr-public:InitiateLayerUpload", + "ecr-public:UploadLayerPart", + "ecr-public:CompleteLayerUpload" + ], + "Resource": "*" + } + ] + } + +