Merge pull request #34 from michaeldeggers/update-permissions

allow ecr auth for public aws repos - service bearer tokens
michaeldeggers · Dec 23, 2023 · 9d6c6fb · 9d6c6fb
2 parents bba38f6 + a49f412
commit 9d6c6fb
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/aws/main.tf b/aws/main.tf
@@ -189,9 +189,11 @@ resource "aws_iam_role" "deploy" {
             "arn:aws:iam::${var.aws_account_id}:instance-profile/eggs-projects-*"
           ]
         },
+        # Public ECR Repo Auth permissions
         {
           Action = [
-            "ecr-public:GetAuthorizationToken"
+            "ecr-public:GetAuthorizationToken",
+            "sts:GetServiceBearerToken"
           ]
           Effect = "Allow"
           Resource = "*"