CDK: Add scrutinice permissions (#2118)

### Issues: Addresses P187446337 ### Description of changes: Grant permissions required for Scrutinice. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
aws · Jan 15, 2025 · 94daeb2 · 94daeb2
1 parent 0f8e07e
commit 94daeb2
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/tests/ci/cdk/util/iam_policies.py b/tests/ci/cdk/util/iam_policies.py
@@ -207,6 +207,17 @@ def ecr_power_user_policy_in_json(ecr_repo_names):
                     "ecr:PutImage"
                 ],
                 "Resource": ecr_arns
+            },
+            {
+                "Sid": "scrutinice",
+                "Effect": "Allow",
+                "Principal": {
+                    "AWS": "arn:aws:iam::222961743098:role/scrutini-ecr"
+                },
+                "Action": [
+                    "ecr:BatchGetImage",
+                    "ecr:GetDownloadUrlForLayer"
+                ]
             }
         ]
     }