Difference between revisions of "Terraform resource: aws ecr repository policy"
Jump to navigation
Jump to search
| Line 23: | Line 23: | ||
}, | }, | ||
"Action": [ | "Action": [ | ||
| − | "ecr:GetDownloadUrlForLayer", | + | "[[ecr:GetDownloadUrlForLayer]]", |
| − | "ecr:BatchGetImage", | + | "[[ecr:BatchGetImage]]", |
| − | "ecr:BatchCheckLayerAvailability", | + | "[[ecr:BatchCheckLayerAvailability]]", |
| − | "ecr:PutImage", | + | "[[ecr:PutImage]]", |
| − | "ecr:InitiateLayerUpload", | + | "[[ecr:InitiateLayerUpload]]", |
| − | "ecr:UploadLayerPart", | + | "[[ecr:UploadLayerPart]]", |
| − | "ecr:CompleteLayerUpload" | + | "[[ecr:CompleteLayerUpload]]" |
] | ] | ||
} | } | ||
Revision as of 08:50, 9 February 2023
aws_ecr_repository_policy
Example
resource "aws_ecr_repository_policy" "access_policy" {
for_each = toset(var.your-org_ecr_repos)
repository = each.key
policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPushPull",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::0123456789:root",
"arn:aws:iam::9876543210:user/MyAdmin"
]
},
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload"
]
}
]
}
EOF
depends_on = [aws_ecr_repository.your-org_repos]
}
Related
See also
- Terraform AWS ECR:
aws_ecr_repository, aws_ecr_repository_policy, aws_ecrpublic_repository, aws_ecrpublic_repository_policy, aws_ecr_registry_policy, aws_ecr_registry_scanning_configuration, aws_ecr_replication_configuration - ECR,
aws ecr, Amazon ECR Public Gallery: public.ecr.aws, Terraform AWS ECR, Troubleshooting ECR,ecr:,ecr:ReplicateImage, ECR scanning,AllowPushPull
Advertising:
