From e5d2989a9f2db6b07b0fe7590792bae3109ebf00 Mon Sep 17 00:00:00 2001
From: David Elliott
Date: Thu, 14 Dec 2023 15:44:52 +0000
Subject: [PATCH] Reduce ECR delete scope

This should be to allow users to delete images, rather than repositories.
---
 terraform/environments/bootstrap/delegate-access/policies.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/bootstrap/delegate-access/policies.tf b/terraform/environments/bootstrap/delegate-access/policies.tf
index dc3454bdd..9c2e8ff42 100644
--- a/terraform/environments/bootstrap/delegate-access/policies.tf
+++ b/terraform/environments/bootstrap/delegate-access/policies.tf
@@ -203,7 +203,7 @@ data "aws_iam_policy_document" "developer_additional" {
 "ec2:DescribeInstances",
 "ec2:DescribeInstanceTypes",
 "ec2-instance-connect:SendSerialConsoleSSHPublicKey",
- "ecr:DeleteRepository",
+ "ecr:BatchDeleteImage",
 "ecs:StartTask",
 "ecs:StopTask",
 "ecs:ListTagsForResource",
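Review bot: The new `"ecr:BatchDeleteImage"` entry inherits whatever `resources` this statement declares, and that line is outside the hunk, as are the start and end of the `developer_additional` block. If the statement is written against `"*"`, the developer role can delete images from every repository the account holds, including any that running workloads still pull from. Since ECR supports resource-level permissions for this action, it is worth moving it into its own statement whose `resources` names only the repository ARNs developers own. The intent should also be recorded next to the action, for example `# image-level delete only; repository deletion is deliberately not delegated`, so a later edit does not widen it again.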