Fix ecr permissions for scrutinice

[samuel40791765]

Resolves P195993156

There was a minor missing line in our cdk permissions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.96%. Comparing base (7965343) to head (ad28910).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2154      +/-   ##
==========================================
- Coverage   78.97%   78.96%   -0.02%     
==========================================
  Files         611      611              
  Lines      105541   105541              
  Branches    14950    14948       -2     
==========================================
- Hits        83353    83339      -14     
- Misses      21533    21550      +17     
+ Partials      655      652       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nhatnghiho]

Deploying the CDK with this ECR permission would give me this error. I think it's because we need to use a resource-based policy, not an identity-based policy.

RuntimeError: Error: Validation failed with the following errors:
  [aws-lc-docker-image-build-linux/aws-lc-docker-image-build-linux-role] A PolicyStatement used in an identity-based policy cannot specify any IAM principals.
  [aws-lc-docker-image-build-windows/aws-lc-docker-image-build-windows-role] A PolicyStatement used in an identity-based policy cannot specify any IAM principals.
  [aws-lc-ci-ec2-test-framework/aws-lc-ci-ec2-test-framework-ec2-role] A PolicyStatement used in an identity-based policy cannot specify any IAM principals.