Missing permissions policy to create repository and push container

Question

Hello, I'm trying to deploy a container in ECR following [this guide from aws](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-container-image.html#create-container-image-push-ecr) but when I go into the step to create the repository through aws cli 
```
aws ecr create-repository --repository-name 'a-name' --profile 'my-profile'
```
it gives me the following error: 
```
An error occurred (AccessDeniedException) when calling the CreateRepository operation: User: user-arn is not authorized to perform: ecr:CreateRepository on resource: arn-registry because no identity-based policy allows the ecr:CreateRepository action.
```
My profile is correctly logged with sso token. Also, the administrator and I checked the permissions for my profile, currently I have, related to ECR the permissions `AmazonElasticContainerRegistryPublicFullAccess` y `AmazonEC2ContainerRegistryFullAccess`. Those are the permissions I found reading the documentation, Do I missing something?

GK · Accepted Answer

Hi

*  Verify IAM user policy to the profile that you are using
* Attach a policy to the IAM profile user using

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ecr:CreateRepository",
            "Resource": "*"
        }
    ]
}

```
Replace "*" with a specific Amazon Resource Name (ARN) if you want to restrict repository creation to a particular region.

* After creating or modifying the policy, attach it to your IAM user or the role associated with your my-profile.

*The IAM policy AmazonElasticContainerRegistryPublicFullAccess does not grant the permission to create repositories in Amazon ECR. It*

Missing permissions policy to create repository and push container

Add your answer

Relevant content