README.md: 4 additions & 3 deletions
@@ -89,10 +89,11 @@ s3: GetObject
89
89
# all type scanning
90
90
codebuild: StartBuild
91
91
92
-
# deploy_image_scanning_ecr
93
-
ecs:DescribeTaskDefinition
94
92
95
93
# deploy_image_scanning_ecs
94
+
ecs:DescribeTaskDefinition
95
+
96
+
# deploy_image_scanning_ecr
96
97
ecr: GetAuthorizationToken
97
98
ecr: BatchCheckLayerAvailability
98
99
ecr: GetDownloadUrlForLayer
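Review bot: The added `ecs:DescribeTaskDefinition` line under `# deploy_image_scanning_ecs` has no space after the colon, while the neighbouring entries (`codebuild: StartBuild`, `ecr: GetAuthorizationToken`) do. IAM action names take the form `service:Action` with no space, so I would normalise the whole list to that form so readers can paste the entries straight into a policy statement. Since the section headers are the only thing tying each action to a scanning feature, it is also worth confirming that the `ecr:` actions now under `# deploy_image_scanning_ecr` are not needed by the ECS scanning path as well. If they are, say so under the ECS header, otherwise someone scoping a role for ECS only will omit them.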
@@ -107,7 +108,7 @@ ecr: ListTagsForResource
107
108
ecr: DescribeImageScanFindings
108
109
```
109
110
- Other Notes:
110
-
-[Runtime AWS IAM permissions on JSON Statement format](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/resources/policy-single-account-k8s-aws.json)
111
+
-[Runtime AWS IAM permissions on JSON Statement format](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/resources/sfc-policy.json)
111
112
- only Sysdig workload related permissions are specified above; infrastructure internal resource permissions (such as Cloudtrail permissions to publish on SNS, or SNS-SQS Subscription)
112
113
are not detailed.
113
114
- For a better security, permissions are resource pinned, instead of `*`
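Review bot: The replacement link still tracks the `master` branch (`.../blob/master/resources/sfc-policy.json`), and the target has just been renamed from `policy-single-account-k8s-aws.json`, so the next rename or move will break it again. Consider a relative link to `resources/sfc-policy.json` or a link pinned to a release tag, so the README and the policy it documents stay in step. The last bullet states that permissions are resource pinned instead of `*`. Please confirm that this still holds for the newly linked file, since readers will treat that JSON as the reference for least-privilege scoping.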