terraform-aws-ecr
Principal ARNs input for ECR Power User
Describe the Feature
Create an input variable for Principal ARNs to provide power user access to ECR.
Expected Behavior
Principal ARNs will be provided with actions that match the policy AmazonEC2ContainerRegistryPowerUser, which provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes.
Use Case
A centrally managed environment where Principal ARNs are allowed to update images in ECR repos but not alter policies or delete repos. This will add a guardrail to prevent unintentional/intentional deletion of repos containing nonrecoverable container images.
Alternatives Considered
Grant the ability to create custom policies to attach to either current Principal ARN input.
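A sketch of the requested behavior as a repository policy, added here as an illustration; it is not part of the issue and not the module's code. The variable names `principals_power_user_access` and `repository_name` are hypothetical, and the action list is assumed to mirror the repository-scoped actions of AmazonEC2ContainerRegistryPowerUser, so compare it with the current managed policy before use.

```hcl
# Hypothetical input: the name is an assumption, not an existing module variable.
variable "principals_power_user_access" {
  type        = list(string)
  description = "Principal ARNs that may pull and push images but not delete the repository or change its policies"
  default     = []
}

# Assumed for this example: the name of an existing ECR repository.
variable "repository_name" {
  type = string
}

data "aws_iam_policy_document" "power_user" {
  statement {
    sid    = "PowerUserAccess"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = var.principals_power_user_access
    }

    # Read and push actions only. Deliberately absent: ecr:DeleteRepository,
    # ecr:BatchDeleteImage, ecr:SetRepositoryPolicy, ecr:DeleteRepositoryPolicy,
    # ecr:PutLifecyclePolicy, ecr:DeleteLifecyclePolicy.
    actions = [
      "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage", "ecr:DescribeRepositories", "ecr:DescribeImages",
      "ecr:ListImages", "ecr:GetRepositoryPolicy", "ecr:GetLifecyclePolicy",
      "ecr:GetLifecyclePolicyPreview", "ecr:ListTagsForResource",
      "ecr:DescribeImageScanFindings", "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage",
    ]
  }
}

# Attach only when at least one principal is supplied; an empty principal
# list would produce an invalid policy document.
resource "aws_ecr_repository_policy" "power_user" {
  count      = length(var.principals_power_user_access) > 0 ? 1 : 0
  repository = var.repository_name
  policy     = data.aws_iam_policy_document.power_user.json
}
```

`ecr:GetAuthorizationToken` is part of the managed policy but is not scoped to a repository, so it has to be granted in each principal's identity policy. A repository has a single policy document, so inside a module this statement would be merged with any existing statements rather than attached as a separate resource.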