From f13e8db8e5eb38a957c29299d85bdcff2464ff23 Mon Sep 17 00:00:00 2001
From: Fletcher Woodruff <fletcherwoodruff@gmail.com>
Date: Thu, 2 Apr 2026 13:59:05 -0700
Subject: [PATCH] fix: Revert "feat: Add ECR Public permissions to EKS Auto
 Mode node IAM role" (#3668)

Revert "feat: Add ECR Public permissions to EKS Auto Mode node IAM role (#3665)"

This reverts commit c07c26c18598182785ec36df2b30d05fa7a016b4.
---
 main.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index cbe8366..215f43e 100644
--- a/main.tf
+++ b/main.tf
@@ -921,9 +921,8 @@ resource "aws_iam_role" "eks_auto" {
 # Policies attached ref https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html
 resource "aws_iam_role_policy_attachment" "eks_auto" {
   for_each = { for k, v in {
-    AmazonEKSWorkerNodeMinimalPolicy             = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodeMinimalPolicy",
-    AmazonEC2ContainerRegistryPullOnly           = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryPullOnly",
-    AmazonElasticContainerRegistryPublicReadOnly = "${local.iam_role_policy_prefix}/AmazonElasticContainerRegistryPublicReadOnly",
+    AmazonEKSWorkerNodeMinimalPolicy   = "${local.iam_role_policy_prefix}/AmazonEKSWorkerNodeMinimalPolicy",
+    AmazonEC2ContainerRegistryPullOnly = "${local.iam_role_policy_prefix}/AmazonEC2ContainerRegistryPullOnly",
   } : k => v if local.create_node_iam_role }
 
   policy_arn = each.value