AWS AmazonECR medium security documentation change
Summary
Added JSON policy example restricting ECR actions by IP address range
Security assessment
The added policy demonstrates IP-based access control, which is a security feature limiting access to specific network ranges. This directly relates to securing ECR resources.
Diff
diff --git a/AmazonECR/latest/userguide/ecr-requests.md b/AmazonECR/latest/userguide/ecr-requests.md index 41dbb9395..214ef8dcd 100644 --- a//AmazonECR/latest/userguide/ecr-requests.md +++ b//AmazonECR/latest/userguide/ecr-requests.md @@ -115,0 +116,24 @@ IAM policies that filter IP addresses use [IP Address Condition Operators](https +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "IPAllow", + "Effect": "Allow", + "Principal": "*", + "Action": "ecr:*", + "Resource": "arn:aws:ecr:*:*:repository/exampleregistry/*", + "Condition": { + "IpAddress": {"aws:SourceIp": "54.240.143.0/24"} + } + } + ] + } + +