ecr.tf: restore Vault account access to ecr_pushpull_role At some point it seems like the sts:AssumeRole permission was dropped for the Vault ARN and limited to only ec2 instances. This adds the Vault ARN back in as a principal which should restore their access. Change-Id: I993bd05b8bd8f441444f50890e514ea74ccbf911

commit: d02b92b78ded18e7f3e8abeba64be38026cb9e88 [log] [tgz]
author: Kelley Spoon <kelley.spoon@linaro.org> Mon Aug 02 21:38:51 2021 -0500
committer: Kelley Spoon <kelley.spoon@linaro.org> Mon Aug 02 21:38:51 2021 -0500
tree: 00415e79cccef02f89c7e8bf92d0f79c3f4adbf2
parent: 3f372ce7089433c973b36785d954d25ab6d5699d [diff]
diff --git a/ecr.tf b/ecr.tf
index a395bd0..0c15ffb 100644
--- a/ecr.tf
+++ b/ecr.tf

@@ -14,9 +14,11 @@
     {
       "Effect": "Allow",
       "Principal": {
-        "AWS": [ "987685672616",
-                 "arn:aws:iam::487149096843:user/vault"
-               ]
+        "AWS": [
+            "987685672616",
+            "arn:aws:iam::487149096843:user/vault"
+        ],
+        "Service": "ec2.amazonaws.com"
       },
       "Action": "sts:AssumeRole"
     }
commit	d02b92b78ded18e7f3e8abeba64be38026cb9e88	[log] [tgz]
author	Kelley Spoon <kelley.spoon@linaro.org>	Mon Aug 02 21:38:51 2021 -0500
committer	Kelley Spoon <kelley.spoon@linaro.org>	Mon Aug 02 21:38:51 2021 -0500
tree	00415e79cccef02f89c7e8bf92d0f79c3f4adbf2
parent	3f372ce7089433c973b36785d954d25ab6d5699d [diff]