diff --git a/_partials/clusters/aws/eks-pod-identity/_eks-pod-identity-prerequisites.mdx b/_partials/clusters/aws/eks-pod-identity/_eks-pod-identity-prerequisites.mdx index 860f7c255fa..6c8647128f9 100644 --- a/_partials/clusters/aws/eks-pod-identity/_eks-pod-identity-prerequisites.mdx +++ b/_partials/clusters/aws/eks-pod-identity/_eks-pod-identity-prerequisites.mdx @@ -204,6 +204,29 @@ partial_name: eks-pod-identity-prerequisites "kms:GetKeyRotationStatus" ], "Resource": "*" + }, + { + "Sid": "AllowECRRead", + "Effect": "Allow", + "Action": [ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:DescribeImages", + "ecr:DescribeImageScanFindings", + "ecr:ListRepositories", + "ecr:ListImages", + "ecr:GetRepositoryPolicy", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:DescribeImageReplicationStatus", + "ecr:DescribeRegistry", + "ecr:GetRegistryPolicy", + "ecr:GetRegistryScanningConfiguration" + ], + "Resource": "*" } ] } @@ -582,6 +605,29 @@ partial_name: eks-pod-identity-prerequisites "kms:GetKeyRotationStatus" ], "Resource": "*" + }, + { + "Sid": "AllowECRRead", + "Effect": "Allow", + "Action": [ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:DescribeImages", + "ecr:DescribeImageScanFindings", + "ecr:ListRepositories", + "ecr:ListImages", + "ecr:GetRepositoryPolicy", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:DescribeImageReplicationStatus", + "ecr:DescribeRegistry", + "ecr:GetRegistryPolicy", + "ecr:GetRegistryScanningConfiguration" + ], + "Resource": "*" } ] }