From 592beb536e68badfd6c96d790901cc8e6d0b0579 Mon Sep 17 00:00:00 2001
From: Oscar Morante <oscar.morante@mirada.tv>
Date: Wed, 6 Apr 2016 22:09:59 +0300
Subject: [PATCH] kube-aws: add ECR policies to IAMRoleWorker

---
 .../aws/pkg/config/templates/stack-template.json    | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/multi-node/aws/pkg/config/templates/stack-template.json b/multi-node/aws/pkg/config/templates/stack-template.json
index 70d37c64c7..0340726b8c 100644
--- a/multi-node/aws/pkg/config/templates/stack-template.json
+++ b/multi-node/aws/pkg/config/templates/stack-template.json
@@ -222,6 +222,19 @@
                   "Action" : "kms:Decrypt",
                   "Effect" : "Allow",
                   "Resource" : "{{.KMSKeyARN}}"
+                },
+                {
+                  "Action": [
+                    "ecr:GetAuthorizationToken",
+                    "ecr:BatchCheckLayerAvailability",
+                    "ecr:GetDownloadUrlForLayer",
+                    "ecr:GetRepositoryPolicy",
+                    "ecr:DescribeRepositories",
+                    "ecr:ListImages",
+                    "ecr:BatchGetImage"
+                  ],
+                  "Resource": "*",
+                  "Effect": "Allow"
                 }
               ],
               "Version": "2012-10-17"