AWS whitepapers documentation change
Summary
Removed an example ECR repository policy granting cross-account access to SageMaker.
Security assessment
This is likely documentation restructuring. The removed example was not explicitly insecure, and there is no indication the change addresses a vulnerability.
Diff
diff --git a/whitepapers/latest/build-secure-enterprise-ml-platform/container-repository-management.md b/whitepapers/latest/build-secure-enterprise-ml-platform/container-repository-management.md index 4950a086d..4dbb692ea 100644 --- a//whitepapers/latest/build-secure-enterprise-ml-platform/container-repository-management.md +++ b//whitepapers/latest/build-secure-enterprise-ml-platform/container-repository-management.md @@ -56,23 +55,0 @@ For example, the following policy establishes access to ECR repository by a prin - - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "SagemakerECRRepo", - "Effect": "Allow", - "Principal": { - "AWS": "<AWS_SageMaker_Principal_ARN in other account>" - }, - "Action": [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability", - "ecr:PutImage", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload" - ] - } - ] - } -