update to support iam

catalinpan · Aug 14, 2017 · e61d0d5 · e61d0d5
1 parent 70acaa7
commit e61d0d5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -14,11 +14,11 @@ REGION
 RENEW_TOKEN - default 6h
 ```
 
-##### AWS instance with IAM role
+### AWS instance with IAM role
 
 For AWS instances if the region is not declared it will be auto discovered from IAM as long as the instance supports that. [pull request](https://github.com/catalinpan/aws-ecr-proxy/pull/1/commits/899ef1a80a7fa141f66e500a76f6ed86f8d19f4e), [commit](https://github.com/catalinpan/aws-ecr-proxy/commit/d8a709bf043cfd14b88defae738833e93c946f4b).
 
-The AWS key and secret can be also configured using a IAM role (without mounting them secrets or specifying them as variables). A sample IAM role config can be found in examples folder. More details on the [AWS official documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).
+The AWS key and secret can be also configured using a IAM role (without mounting them secrets or specifying them as variables). A sample IAM role config can be found in the examples folder. More details on the [AWS official documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).
 
 The configs will be checked in the following order:
 

diff --git a/examples/aws-instance-role-policy.json b/examples/aws-instance-role-policy.json
@@ -1,31 +1,6 @@
 {
     "Version": "2012-10-17",
     "Statement": [
-        {
-            "Action": "s3:*",
-            "Resource": [
-                "arn:aws:s3:::ecr-pull-*"
-            ],
-            "Effect": "Allow"
-        },
-        {
-            "Action": [
-                "ec2:*"
-            ],
-            "Resource": [
-                "*"
-            ],
-            "Effect": "Allow"
-        },
-        {
-            "Action": [
-                "route53:*"
-            ],
-            "Resource": [
-                "*"
-            ],
-            "Effect": "Allow"
-        },
         {
             "Action": [
                 "ecr:GetAuthorizationToken",
@@ -38,15 +13,6 @@
             ],
             "Resource": "*",
             "Effect": "Allow"
-        },
-        {
-            "Action": [
-                "elasticloadbalancing:*"
-            ],
-            "Resource": [
-                "*"
-            ],
-            "Effect": "Allow"
         }
     ]
 }