🚧 Add gitops permissions policy

.github/workflows/apply_permissions.yml

@@ -0,0 +1,20 @@
+name: Lint
+on:
+  push:
+  pull_request: ~
+
+jobs:
+  update-policy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-southeast-2
+      - name: Run script to update ECR policy
+        run: |
+          bash ecr/apply_permissions.sh

ecr/apply_permissions.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+
+ECR_REPO_NAME="gitops"
+POLICY_FILE="ecr/permissions.json"
+
+# Update ECR repository policy
+aws ecr set-repository-policy --repository-name $ECR_REPO_NAME --policy-text file://$POLICY_FILE

ecr/permissions.json

@@ -0,0 +1,20 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowOrganizationPull",
+            "Effect": "Allow",
+            "Principal": "*",
+            "Action": [
+                "ecr:GetDownloadUrlForLayer",
+                "ecr:BatchGetImage",
+                "ecr:BatchCheckLayerAvailability"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "aws:PrincipalOrgID": "o-4mi26lv5bn"
+                }
+            }
+        }
+    ]
+}