From e3b2883b9ce4f6cbc2eff7dac0fe76e8b36bcaf8 Mon Sep 17 00:00:00 2001
From: Pavel Soloviev <66182149+moleus@users.noreply.github.com>
Date: Tue, 17 Dec 2024 17:12:09 +0300
Subject: [PATCH] fix: add missing BatchGet* action to pull from ECR

---
 modules/iam-read-only-policy/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/iam-read-only-policy/main.tf b/modules/iam-read-only-policy/main.tf
index 07d6ca73..ea479884 100644
--- a/modules/iam-read-only-policy/main.tf
+++ b/modules/iam-read-only-policy/main.tf
@@ -25,6 +25,7 @@ data "aws_iam_policy_document" "allowed_services" {
       actions = [
         "${statement.value}:List*",
         "${statement.value}:Get*",
+        "${statement.value}:BatchGet*",
         "${statement.value}:Describe*",
         "${statement.value}:View*",
       ]