Merge pull request #16 from DNXLabs/feature/cross_account_policy
Adding AWS Lambda cross account deploy policy
jrpradojr authored Apr 27, 2022
2 parents b3553ad + b8d4e6f commit 748efa8
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions ecr-policies.tf
Expand Up @@ -37,6 +37,26 @@ resource "aws_ecr_repository_policy" "default" {
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload"
]
},
{
"Sid": "LambdaECRImageCrossAccountRetrievalPolicy",
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Condition": {
"StringLike": {
"aws:sourceArn": [
${join(",", formatlist("\"arn:aws:lambda:%s:%s:function:*\"", data.aws_region.current.name, var.trust_accounts))}
]
}
}
}
]
}
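Review bot: the `aws:sourceArn` list in the new `Condition` block has no guard for an empty `var.trust_accounts`. In that case the `join(...)` renders nothing and the statement for the `lambda.amazonaws.com` service principal is left with an empty value list, so either the policy is rejected at apply time or the condition no longer names any account. Consider emitting this statement only when `length(var.trust_accounts) > 0`, or adding a validation on the variable. The array is also assembled by hand with escaped quotes. Letting Terraform render it, for example `"aws:sourceArn": ${jsonencode(formatlist("arn:aws:lambda:%s:%s:function:*", data.aws_region.current.name, var.trust_accounts))}`, removes the quoting and comma handling from the template. The ARN pattern hardcodes the `aws` partition and ends in `function:*`, so every function in each trusted account in the current region can pull from this repository. If that breadth is intended, a short comment above the statement saying so would help the next reader.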