AWS AmazonECR documentation change
Summary
Added JSON policy example for ECR image push permissions
Security assessment
The policy demonstrates least-privilege permissions for image pushing operations, but does not address a specific security vulnerability.
Diff
diff --git a/AmazonECR/latest/userguide/image-push-iam.md b/AmazonECR/latest/userguide/image-push-iam.md index 90f167984..73eb70700 100644 --- a//AmazonECR/latest/userguide/image-push-iam.md +++ b//AmazonECR/latest/userguide/image-push-iam.md @@ -12,0 +13,31 @@ You can also create a your own IAM policies. The following IAM policy grants the +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ecr:CompleteLayerUpload", + "ecr:UploadLayerPart", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage", + "ecr:BatchGetImage" + ], + "Resource": "arn:aws:ecr:us-east-1:111122223333:repository/repository-name" + }, + { + "Effect": "Allow", + "Action": "ecr:GetAuthorizationToken", + "Resource": "*" + } + ] + } + +