no-iam-priv-esc-roles
no-iam-priv-esc-other-users
no-iam-priv-esc-funcs
no-iam-star-actions
no-iam-creds-exposure
no-iam-resource-exposure
ecr:SetRepositoryPolicy
could let an attacker retrieve container images. Instead, use another action that doesn’t expose AWS resources.no-iam-admin-privileges
no-iam-data-exfiltration