Skip to content

Reduce permission to functions only #96

New issue
New issue
Open
Open
Reduce permission to functions only#96
Labels
bug🐛 An issue with the system
@ngoyal16

Description

@ngoyal16
ngoyal16
opened on May 21, 2022

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

Currently CrossAccountPermission permission also being added to the ECR policy when principle_lambda variable is added. which will allow members form other account to use image apart from lambda also. and it is also working without adding that CrossAccountPermission as well

Expected Behavior

  1. should not allow permission other then lambda functions
  2. Write only permission feature should be there which will allow user to write image only to the ecr repo. not other features.
{
      "Sid": "WriteOnlyAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "priniciple_arn"
      },
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ]
    }

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug🐛 An issue with the system

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions