AWS application-discovery documentation change
Summary
Added section on configuring data perimeters for ECR access and updated section title
Security assessment
Documents security feature (data perimeters) for accessing AWS-owned resources. Provides ARN and required permissions but doesn't address a specific vulnerability.
Diff
diff --git a/application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md b/application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md index ea07e11cc..8194e051f 100644 --- a//application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md +++ b//application-discovery/latest/userguide/agentless-collector-gs-prerequisites.md @@ -5 +5 @@ -Configure firewall +Configure data perimeterConfigure firewall @@ -35,0 +36,11 @@ The Agentless Collector supports all of these versions of VMware, but we current +## Configure data perimeter for access to AWS service-owned resources + +The Agentless Collector automatic update feature retrieves updates in the form of Docker images from an AWS service-owned Public ECR Repository. If you are using data perimeters to control access to Amazon ECR in your environment, you might need to explicitly allow access to the following to use the automatic update feature: + + * Resource ARNs that require access: `arn:aws:ecr-public::446372222237:repository/6e5498e4-8c31-4f57-9991-13b4b992ff7b` + + * Required permissions: `ecr-public:DescribeImages` + + + +