Add AmazonEC2ContainerRegistryReadOnly policy to provide read-only …

…access to `ECR` repositories (#15)
cloudposse · Oct 3, 2017 · 60d56ad · 60d56ad
1 parent 760479e
commit 60d56ad
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -122,6 +122,13 @@ resource "aws_iam_role_policy_attachment" "ssm-automation" {
   }
 }
 
+# http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html
+# http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html#AmazonEC2ContainerRegistryReadOnly
+resource "aws_iam_role_policy_attachment" "ecr-readonly" {
+  role       = "${aws_iam_role.ec2.name}"
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
 resource "aws_ssm_activation" "ec2" {
   name               = "${module.label.id}"
   iam_role           = "${aws_iam_role.ec2.id}"