- 資料來源 - Setting permissions on Amazon EC2 Container Registry repositories ** 這篇很值得一讀
- 要透過 set-repository-policy 的 command 進行
$ aws --profile admin ecr set-repository-policy --repository-name repo1 --policy-text file://usr1Policy.json
- 透過 command,來 create user & create access key
$ aws --profile power-dev-serverless iam create-user --user-name=bruce-test1
$ aws --profile power-dev-serverless iam create-access-key --user-name=bruce-test1
- 設定 policy 的方式,目前僅能用 command line 來設定
$ aws ecr set-repository-policy --repository-name dev/acus/fe --policy-text file://devPolicy.json
- 使用 iam user 來設定 ecr 存取權限
- example
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:ListImages",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:DescribeRepositories"
],
"Resource": [
"arn:aws:ecr:us-west-2:<AWS_ID>:repository/dev/*"
]
}
]
}
- Amazon ECR Repository Policy Examples
- Using Amazon Container Registry Service
- Setting permissions on Amazon EC2 Container Registry repositories ** 這篇很值得一讀
- Authenticating Amazon ECR Repositories for Docker CLI with Credential Helper 可以用於 jenkis & upload server
- How to connect to AWS ECR using python docker-py
- boto3 ecr get_authorization_token return incorrect token 參考這部分,來實作 boto3 的 code
- boto3 Docs Available Services ECR