- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
You added CodeBuild as a principle. Does it perform the pull? Did you check, if CodeBuild's access rights are set up correctly? You can also try to identify the request's CloudTrail event to see if the ARN that performs the blocked request is matching your condition.
In order to use private ECR image, you need to update role used in configuration of workflow with below policy that add permissions to fetch ECR image.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Resource": "*"
}
]
}
You can restrict resource to specific ECR repository in your case. You can get additional details at https://docs.aws.amazon.com/codecatalyst/latest/userguide/build-images.html#build-images-specify
AdministratorAccess includes the permissions you are sharing:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "", "Resource": "" }]}
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
Thanks Markus I'm checking Cloudtrail but i don't see any logs related to ECR.