I have this default policy for aws ecr registry

{ "Sid": "", "Effect": "Allow", "Principal": { "AWS": "" }, "Action": [ "ecr:CreateRepository", "ecr:ReplicateImage" ], "Resource": "arn:aws:ecr:us-east-1:447619021764:repository/*"
}

Do you know how I can configure this json to allow pull from user?

1 Answer

You can check the list of erc actions on:

Another great resource is the AWS Managed policies for ECR:

And

The following examples show policy statements that you could use to control the permissions that authenticated users have to Amazon ECR repositories.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPushPull", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::account-id:user/push-pull-user-1", "arn:aws:iam::account-id:user/push-pull-user-2" ] }, "Action": [ "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability", "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer", "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart" ] } ]
}

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.