fix: Remove Public ECR permissions from repository template permissions (#51)

Author: bryantbiggs

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

modules/repository-template/main.tf

@@ -117,27 +117,6 @@ data "aws_iam_policy_document" "repository" {
     }
   }
 
-  dynamic "statement" {
-    for_each = length(var.repository_read_write_access_arns) > 0 ? [var.repository_read_write_access_arns] : []
-
-    content {
-      sid = "ReadWrite"
-
-      principals {
-        type        = "AWS"
-        identifiers = statement.value
-      }
-
-      actions = [
-        "ecr-public:BatchCheckLayerAvailability",
-        "ecr-public:CompleteLayerUpload",
-        "ecr-public:InitiateLayerUpload",
-        "ecr-public:PutImage",
-        "ecr-public:UploadLayerPart",
-      ]
-    }
-  }
-
   dynamic "statement" {
     for_each = var.repository_policy_statements