Feb 16, 2022

AWS ECR, Permit Cross Account Image Download

Amazon Web Services AWS Elastic Container Registry (ECR)
0
0
Kyler Middleton
Kyler MiddletonCloud IAM Advocate at IAM Pulse
{{ }} Substitute variables

Adjust the variable values according to your preference.

Policy Code

Referenced from: https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.html

1{
2  "Version" : "2008-10-17",
3  "Statement" : [
4    {
5      "Sid" : "Allow account B, C to access this ECR",
6      "Effect" : "Allow",
7      "Principal" : {
8        "AWS" : [
9          "arn:aws:iam::{{remote-account-1-id}}:root",
10          "arn:aws:iam::{{remote-account-2-id}}:root"
11        ]
12      },
13      "Action" : [
14        "ecr:GetDownloadUrlForLayer",
15        "ecr:BatchGetImage",
16        "ecr:BatchCheckLayerAvailability"
17      ]
18    }
19  ]
20}

    Get the IAM Pulse Check Newsletter

    We send out a periodic newsletter full of tips & tricks, contributions from the community, commentary on the industry, relevant social posts, and more.

    Checkout past issues for a sampling of the goods.