- Newest
- Most votes
- Most comments
Below are a couple articles you can reference.
https://aws.amazon.com/premiumsupport/knowledge-center/secondary-account-access-ecr/
For your information, ECR now supports cross account image replication.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication.html
If the customer would like to distribute container images to the individual AWS account instead of using central ECR repository, this feature would be helpful for them.
Another alternative -- especially helpful if the ECR Policy get too big -- is to use the AWS:PrincipalOrgID
condition to allow every account in the Organization to access the ECR Repository: check out this blog post showing how.
Beware: this allows all accounts in an Organization to access the ECR repository! Double check with your security team if this is allowed!
Relevant content
- asked 10 months ago
- asked 2 years ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago