From cd1cc10cb6820bdeff6aac7b856eb7baa284fcfa Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Sun, 23 Jun 2024 23:00:20 +0900
Subject: [PATCH] update docs

---
 packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
index 4f594fda858a8..7f4b1a65d827f 100644
--- a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
+++ b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
@@ -1298,7 +1298,8 @@ export class Service extends cdk.Resource implements iam.IGrantable {
         undefined,
     });
 
-    // grant required privileges for the role
+    // grant required privileges for the role to access an image in Amazon ECR
+    // See https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles
     if (this.source.ecrRepository && this.accessRole) {
       this.source.ecrRepository.grantPull(this.accessRole);
       this.source.ecrRepository.grant(this.accessRole, 'ecr:DescribeImages');