From 2ebf7150394653b5f9d43551d340c5a830a6ab5d Mon Sep 17 00:00:00 2001
From: Mark Nielsen <mark.nielsen@blackboard.com>
Date: Mon, 17 Sep 2018 12:54:37 -0700
Subject: [PATCH] Fix the full-ecr-access flag to give power user instead of
 read only

---
 pkg/cfn/builder/iam.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/cfn/builder/iam.go b/pkg/cfn/builder/iam.go
index 87ef12f894..99aa5ed18d 100644
--- a/pkg/cfn/builder/iam.go
+++ b/pkg/cfn/builder/iam.go
@@ -86,9 +86,9 @@ func (n *nodeGroupResourceSet) addResourcesForIAM() {
 		n.spec.NodePolicyARNs = iamDefaultNodePolicyARNs
 	}
 	if n.spec.Addons.WithIAM.PolicyAmazonEC2ContainerRegistryPowerUser {
-		n.spec.NodePolicyARNs = append(n.spec.NodePolicyARNs, iamPolicyAmazonEC2ContainerRegistryReadOnlyARN)
-	} else {
 		n.spec.NodePolicyARNs = append(n.spec.NodePolicyARNs, iamPolicyAmazonEC2ContainerRegistryPowerUserARN)
+	} else {
+		n.spec.NodePolicyARNs = append(n.spec.NodePolicyARNs, iamPolicyAmazonEC2ContainerRegistryReadOnlyARN)
 	}
 
 	refIR := n.newResource("NodeInstanceRole", &gfn.AWSIAMRole{