Vendor services misconfigurations

Minimize cluster access to read-only for Amazon ECR

Description

The EKS Cluster Service Account only requires pull access to containers to deploy onto Amazon EKS. Restricting permissions follows the principles of least privilege and prevents credentials from being abused beyond the required role.