1 個回答
- 最新
- 最多得票
- 最多評論
0
Here is how we have set up our ECR permissions in our source account:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCrossAccountPullTest",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::ACCOUNT_ID:role/ecsTaskExecutionRoleName"
]
},
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}
Keep in mind that you also need to give your ECS Task Execution Role permissions in your destination account to do a BatchGetImage against this registry like so:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
已回答 2 年前
相關內容
- 已提問 6 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前