AWS Security ChangesHomeSearch

AWS application-discovery documentation change

Service: application-discovery · 2026-01-10 · Documentation medium

File: application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md

Summary

Added section on configuring data perimeters for ECR access and updated section title

Security assessment

Documents security feature (data perimeters) for accessing AWS-owned resources. Provides ARN and required permissions but doesn't address a specific vulnerability.

Diff

diff --git a/application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md b/application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md
index ea07e11cc..8194e051f 100644
--- a//application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md
+++ b//application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md
@@ -5 +5 @@
-Configure firewall
+Configure data perimeterConfigure firewall
@@ -35,0 +36,11 @@ The Agentless Collector supports all of these versions of VMware, but we current
+## Configure data perimeter for access to AWS service-owned resources
+
+The Agentless Collector automatic update feature retrieves updates in the form of Docker images from an AWS service-owned Public ECR Repository. If you are using data perimeters to control access to Amazon ECR in your environment, you might need to explicitly allow access to the following to use the automatic update feature:
+
+  * Resource ARNs that require access: `arn:aws:ecr-public::446372222237:repository/6e5498e4-8c31-4f57-9991-13b4b992ff7b`
+
+  * Required permissions: `ecr-public:DescribeImages`
+
+
+
+