- Le plus récent
- Le plus de votes
- La plupart des commentaires
You added CodeBuild as a principle. Does it perform the pull? Did you check, if CodeBuild's access rights are set up correctly? You can also try to identify the request's CloudTrail event to see if the ARN that performs the blocked request is matching your condition.
In order to use private ECR image, you need to update role used in configuration of workflow with below policy that add permissions to fetch ECR image.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Resource": "*"
}
]
}
You can restrict resource to specific ECR repository in your case. You can get additional details at https://docs.aws.amazon.com/codecatalyst/latest/userguide/build-images.html#build-images-specify
AdministratorAccess includes the permissions you are sharing:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "", "Resource": "" }]}
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- Réponse acceptéedemandé il y a un an
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
Thanks Markus I'm checking Cloudtrail but i don't see any logs related to ECR.