Merge pull request #4 from ministryofjustice/ecr-read-all

User should have read permissions across the registry
ministryofjustice · Jul 24, 2018 · 13c0c52 · 13c0c52
2 parents aaecd0a + b188c8a
commit 13c0c52
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/main.tf b/main.tf
@@ -21,16 +21,9 @@ resource "aws_iam_access_key" "key" {
 data "aws_iam_policy_document" "policy" {
   statement {
     actions = [
-      "ecr:GetDownloadUrlForLayer",
-      "ecr:BatchGetImage",
       "ecr:CompleteLayerUpload",
-      "ecr:DescribeImages",
-      "ecr:DescribeRepositories",
       "ecr:UploadLayerPart",
-      "ecr:ListImages",
       "ecr:InitiateLayerUpload",
-      "ecr:BatchCheckLayerAvailability",
-      "ecr:GetRepositoryPolicy",
       "ecr:PutImage",
     ]
 
@@ -42,6 +35,13 @@ data "aws_iam_policy_document" "policy" {
   statement {
     actions = [
       "ecr:GetAuthorizationToken",
+      "ecr:BatchCheckLayerAvailability",
+      "ecr:GetDownloadUrlForLayer",
+      "ecr:GetRepositoryPolicy",
+      "ecr:DescribeRepositories",
+      "ecr:ListImages",
+      "ecr:DescribeImages",
+      "ecr:BatchGetImage",
     ]
 
     resources = [