1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Here is how we have set up our ECR permissions in our source account:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCrossAccountPullTest",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::ACCOUNT_ID:role/ecsTaskExecutionRoleName"
]
},
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}
Keep in mind that you also need to give your ECS Task Execution Role permissions in your destination account to do a BatchGetImage against this registry like so:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
répondu il y a 2 ans
Contenus pertinents
- demandé il y a un an
- Réponse acceptéedemandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans