I have this default policy for an AWS ECR registry:
{
  "Sid": "",
  "Effect": "Allow",
  "Principal": {
    "AWS": ""
  },
  "Action": [
    "ecr:CreateRepository",
    "ecr:ReplicateImage"
  ],
  "Resource": "arn:aws:ecr:us-east-1:447619021764:repository/*"
}
Do you know how I can configure this JSON to allow pull from a user?
1 Answer
You can check the list of ECR actions on:
Another great resource is the AWS Managed policies for ECR:
And
The following examples show policy statements that you could use to control the permissions that authenticated users have to Amazon ECR repositories.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::account-id:user/push-pull-user-1",
          "arn:aws:iam::account-id:user/push-pull-user-2"
        ]
      },
      "Action": [
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ]
    }
  ]
}
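A pull-only variant of the policy above, as an added example that is not part of the original answer: the Python below narrows a repository policy to the three actions needed to pull and reports statements that grant more. The pull action set, the function names, and the single placeholder principal are this example's own assumptions.

```python
import copy
import json

# Actions needed on a repository to pull an image (subset of the answer's list).
PULL_ACTIONS = {"ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer"}

# The answer's AllowPushPull statement with one placeholder principal (constructed).
PUSH_PULL_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowPushPull", "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::account-id:user/push-pull-user-1"]},
    "Action": ["ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability",
               "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer",
               "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart"]}]}

def _as_list(value):
    # IAM JSON allows a single string where a list is expected.
    return [value] if isinstance(value, str) else list(value)

def to_pull_only(policy):
    """Return a copy whose Allow statements keep only pull actions."""
    out = copy.deepcopy(policy)
    kept = []
    for stmt in out["Statement"]:
        if stmt.get("Effect") == "Allow":
            actions = [a for a in _as_list(stmt.get("Action", [])) if a in PULL_ACTIONS]
            if not actions:
                continue  # statement granted nothing a puller needs
            stmt["Action"] = actions
        kept.append(stmt)
    out["Statement"] = kept
    return out

def findings(policy):
    """List (sid, issue, detail) for Allow statements broader than pull-only."""
    issues = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid") or "<no Sid>"
        extra = sorted(a for a in _as_list(stmt.get("Action", [])) if a not in PULL_ACTIONS)
        if extra:
            issues.append((sid, "non-pull actions", extra))
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            issues.append((sid, "wildcard principal", ["*"]))
    return issues

if __name__ == "__main__":
    print(json.dumps(to_pull_only(PUSH_PULL_POLICY), indent=2))
```

To pull, the user also needs `ecr:GetAuthorizationToken` in an identity-based IAM policy, since that action is not scoped to a repository.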