ECR repository policies should not allow wildcard principals

ecr

Description

ECR repository resource policies should not grant access to wildcard principals (Principal: "*"). Wildcard principals allow any AWS account or unauthenticated user to access the resource, creating a significant security risk.

Remediation

Update the repository policy to specify explicit AWS account IDs or IAM principals. For guidance, refer to Repository policies.