fix: unable to trigger ECR image auto deployment

aws · Feb 27, 2024 · 6f9f20b · 6f9f20b
1 parent 1f30b5d
commit 6f9f20b
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
@@ -1318,7 +1318,13 @@ export class Service extends cdk.Resource implements iam.IGrantable {
       assumedBy: new iam.ServicePrincipal('build.apprunner.amazonaws.com'),
     });
     accessRole.addToPrincipalPolicy(new iam.PolicyStatement({
-      actions: ['ecr:GetAuthorizationToken'],
+      actions: [        
+        'ecr:BatchCheckLayerAvailability',
+        'ecr:BatchGetImage',
+        'ecr:DescribeImages',
+        'ecr:GetAuthorizationToken',
+        'ecr:GetDownloadUrlForLayer'
+      ],
       resources: ['*'],
     }));
     this.accessRole = accessRole;