Adding Amazon ECR and OpenSearch Serverless to RCPs

tatyatsk · tatyatsk · commit 7d4abe6507ee · 2025-06-19T09:27:49.000-04:00
diff --git a/resource_control_policies/identity_perimeter_rcp.json b/resource_control_policies/identity_perimeter_rcp.json
@@ -16,7 +16,9 @@
                 "sts:GetFederationToken",
                 "sts:GetServiceBearerToken",
                 "sts:GetSessionToken",
-                "sts:SetContext"
+                "sts:SetContext",
+                "aoss:*",
+                "ecr:*"
             ],
             "Resource": "*",
             "Condition": {
@@ -73,7 +75,9 @@
                 "sqs:*",
                 "kms:*",
                 "secretsmanager:*",
-                "sts:*"
+                "sts:*",
+                "aoss:*",
+                "ecr:*"
             ],
             "Resource": "*",
             "Condition": {
diff --git a/resource_control_policies/network_perimeter_rcp.json b/resource_control_policies/network_perimeter_rcp.json
@@ -16,7 +16,9 @@
                 "sts:GetFederationToken",
                 "sts:GetServiceBearerToken",
                 "sts:GetSessionToken",
-                "sts:SetContext"
+                "sts:SetContext",
+                "aoss:*",
+                "ecr:*"
             ],
             "Resource": "*",
             "Condition": {
diff --git a/resource_control_policies/resource_based_policies/ecr_repository_policy.json b/resource_control_policies/resource_based_policies/ecr_repository_policy.json
