You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create an input variable for Principal ARNs to provide power user access to ECR.
Expected Behavior
Principal ARNs will be provided with actions that match the policy AmazonEC2ContainerRegistryPowerUser which provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes.
Use Case
A centrally managed environment where Principal ARNs are allowed to update images in ECR repos but not alter policies or delete repos. This will add a guardrail to prevent unintentional/intentional deletion of repos containing nonrecoverable container images.
Alternatives Considered
Grant the ability create custom policies to attach to either current Principal ARN input.
The text was updated successfully, but these errors were encountered:
Describe the Feature
Create an input variable for Principal ARNs to provide power user access to ECR.
Expected Behavior
Principal ARNs will be provided with actions that match the policy AmazonEC2ContainerRegistryPowerUser which provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes.
Use Case
A centrally managed environment where Principal ARNs are allowed to update images in ECR repos but not alter policies or delete repos. This will add a guardrail to prevent unintentional/intentional deletion of repos containing nonrecoverable container images.
Alternatives Considered
Grant the ability create custom policies to attach to either current Principal ARN input.
The text was updated successfully, but these errors were encountered: