From 23902b4dedf1d7972c29dd15e3913d6dd1afac67 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Tue, 26 Nov 2024 19:25:42 -0600
Subject: [PATCH] fix: Remove Public ECR permissions from repository template permissions
---
 .pre-commit-config.yaml | 2 +-
 modules/repository-template/main.tf | 21 ---------------------
 2 files changed, 1 insertion(+), 22 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7e4e7da..5e0e62c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1
+ rev: v1.96.2
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
diff --git a/modules/repository-template/main.tf b/modules/repository-template/main.tf
index 8a83e6d..7aca637 100644
--- a/modules/repository-template/main.tf
+++ b/modules/repository-template/main.tf
@@ -117,27 +117,6 @@ data "aws_iam_policy_document" "repository" {
 }
 }
- dynamic "statement" {
- for_each = length(var.repository_read_write_access_arns) > 0 ? [var.repository_read_write_access_arns] : []
-
- content {
- sid = "ReadWrite"
-
- principals {
- type = "AWS"
- identifiers = statement.value
- }
-
- actions = [
- "ecr-public:BatchCheckLayerAvailability",
- "ecr-public:CompleteLayerUpload",
- "ecr-public:InitiateLayerUpload",
- "ecr-public:PutImage",
- "ecr-public:UploadLayerPart",
- ]
- }
- }
-
 dynamic "statement" {
 for_each = var.repository_policy_statements