Merge pull request #30 from Niksko/add-iam-permissions

Author: 72636c

README.md

@@ -192,7 +192,7 @@ steps:
       - my-custom-plugin#v1.0.0:
 ```
 
-### AWS ECR specific options
+### AWS ECR specific configuration
 
 #### Specifying an ECR repository name
 
@@ -212,6 +212,34 @@ steps:
       - docker#v3.3.0
 ```
 
+#### Required permissions
+
+Below is a sample set of IAM policy statements that will allow this plugin to work:
+
+```yaml
+- Sid: AllowRepositoryActions
+  Action:
+    - ecr:BatchCheckLayerAvailability
+    - ecr:BatchGetImage
+    - ecr:CompleteLayerUpload
+    - ecr:CreateRepository
+    - ecr:DescribeImages
+    - ecr:DescribeRepositories
+    - ecr:InitiateLayerUpload
+    - ecr:PutImage
+    - ecr:PutLifecyclePolicy
+    - ecr:SetRepositoryPolicy
+    - ecr:UploadLayerPart
+  Effect: Allow
+  Resource:
+    - Fn::Sub: arn:aws:ecr:*:${AWS::AccountId}:repository/build-cache/${YourOrganisationSlug}/${YourPipelineSlug}
+- Sid: AllowGetAuthorizationToken
+  Action:
+    - ecr:GetAuthorizationToken
+  Resource: "*"
+  Effect: Allow
+```
+
 ### GCP GCR specific configuration
 
 [Overview of Google Container Registry](https://cloud.google.com/container-registry/docs/overview)