This is a Question

Description

It doesn't seem that there's anything (from the documentation, anyway) to stop a valid GitHub user from connecting to the API Gateway of your private registry. Looking through the authorizer, it seems only users in the YITH_ADMINS can connect, but I could be wrong?

You are correct currently the use case for us at least was mainly for GitHub enterprise users, wouldn't take much in regards to applying a better permissions model around organisations - would support public GitHub users for authentication better.

Although you could apply a security group in AWS to limit access to office IP ranges as a temporary solution.

Thanks for all the great feedback so far will get some of these carded up and look to start further work or discussions in a PR around them.