CCM-14149: Support Container Based Lambdas

Author: jamesthompson26-nhs

infrastructure/modules/lambda/data_iam_policy_document_ecr.tf

@@ -4,11 +4,20 @@ data "aws_iam_policy_document" "ecr" {
 
     actions = [
       "ecr:GetAuthorizationToken",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    effect = "Allow"
+
+    actions = [
       "ecr:BatchGetImage",
       "ecr:GetDownloadUrlForLayer",
       "ecr:BatchCheckLayerAvailability",
     ]
 
-    resources = ["*"]
+    resources = ["arn:aws:ecr:${var.region}:${var.aws_account_id}:repository/*"]
   }
-}
+}

infrastructure/modules/lambda/iam_role_policy_ecr.tf

@@ -3,4 +3,4 @@ resource "aws_iam_role_policy" "ecr" {
   name   = "${local.csi}-ecr"
   role   = aws_iam_role.main.id
   policy = data.aws_iam_policy_document.ecr.json
-}
+}