fix: Remove Public ECR permissions from repository template permissions

terraform-aws-modules · Nov 27, 2024 · 23902b4 · 23902b4
1 parent 124c139
commit 23902b4
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 22 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

diff --git a/modules/repository-template/main.tf b/modules/repository-template/main.tf
@@ -117,27 +117,6 @@ data "aws_iam_policy_document" "repository" {
     }
   }
 
-  dynamic "statement" {
-    for_each = length(var.repository_read_write_access_arns) > 0 ? [var.repository_read_write_access_arns] : []
-
-    content {
-      sid = "ReadWrite"
-
-      principals {
-        type        = "AWS"
-        identifiers = statement.value
-      }
-
-      actions = [
-        "ecr-public:BatchCheckLayerAvailability",
-        "ecr-public:CompleteLayerUpload",
-        "ecr-public:InitiateLayerUpload",
-        "ecr-public:PutImage",
-        "ecr-public:UploadLayerPart",
-      ]
-    }
-  }
-
   dynamic "statement" {
     for_each = var.repository_policy_statements