How do I assign IAM users access to ECR repositories?
In this guide, we will create an AWS ECR repository and assign IAM users access to it using Pulumi. We will define an ECR repository, create IAM users, and attach policies to allow these users to interact with the ECR repository.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an ECR repository
const ecrRepository = new aws.ecr.Repository("my-repo", {
    name: "my-repo",
});

// Create an IAM user
const user = new aws.iam.User("ecrUser", {
    name: "ecrUser",
});

// Define a policy that allows the user to access the ECR repository
const ecrPolicy = new aws.iam.Policy("ecrPolicy", {
    description: "Policy to allow ECR actions",
    policy: ecrRepository.arn.apply(arn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                // ecr:GetAuthorizationToken does not support resource-level
                // permissions, so it needs Resource "*". Without it the user
                // cannot log in to the registry to push or pull.
                Effect: "Allow",
                Action: ["ecr:GetAuthorizationToken"],
                Resource: "*",
            },
            {
                // Pull and push actions, scoped to this repository only
                Effect: "Allow",
                Action: [
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:PutImage",
                    "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload",
                ],
                Resource: arn,
            },
        ],
    })),
});

// Attach the policy to the user
const userPolicyAttachment = new aws.iam.UserPolicyAttachment("userPolicyAttachment", {
    user: user.name,
    policyArn: ecrPolicy.arn,
});

// Export the ECR repository URL
export const repositoryUrl = ecrRepository.repositoryUrl;
```
Key Points
- ECR Repository: We created an ECR repository using `aws.ecr.Repository`.
- IAM User: We created an IAM user using `aws.iam.User`.
- IAM Policy: We defined an IAM policy that grants necessary permissions to interact with the ECR repository.
- Policy Attachment: We attached the IAM policy to the IAM user using `aws.iam.UserPolicyAttachment`.
Summary
In this guide, we created an AWS ECR repository and assigned access to an IAM user by creating and attaching a policy that grants the necessary permissions. This allows the IAM user to perform actions such as uploading and downloading images to and from the ECR repository.
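The guide gives one user both push and pull on the repository. As an added example (not Pulumi's own code), the helpers below build a pull-only or push-and-pull policy document for one repository ARN and audit a document for unscoped actions or a missing login permission. The names `EcrAccess`, `ecrPolicyDocument` and `auditEcrPolicy` and the sample ARN are assumptions made for illustration.

```typescript
// Added example: EcrAccess, ecrPolicyDocument and auditEcrPolicy are hypothetical helper names.
type EcrAccess = "pull" | "push";
interface Statement { Effect: "Allow"; Action: string[]; Resource: string; }
interface PolicyDocument { Version: "2012-10-17"; Statement: Statement[]; }

const LOGIN = "ecr:GetAuthorizationToken";
const PULL = ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"];
const PUSH = ["ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload"];

// Build the policy for one repository; "pull" omits every write action.
function ecrPolicyDocument(repositoryArn: string, access: EcrAccess): PolicyDocument {
    // Reject wildcards and non-repository ARNs so the grant cannot widen silently.
    if (!/^arn:aws[a-z-]*:ecr:[a-z0-9-]+:\d{12}:repository\/[^*?]+$/.test(repositoryArn)) {
        throw new Error(`not a single-repository ECR ARN: ${repositoryArn}`);
    }
    return {
        Version: "2012-10-17",
        Statement: [
            // The login token action has no resource-level scoping, so it takes "*".
            { Effect: "Allow", Action: [LOGIN], Resource: "*" },
            { Effect: "Allow", Action: access === "push" ? [...PULL, ...PUSH] : [...PULL], Resource: repositoryArn },
        ],
    };
}

// Return findings for a policy document; an empty array means it passed.
function auditEcrPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    const known = [...PULL, ...PUSH];
    let canLogin = false;
    for (const s of doc.Statement) {
        for (const action of s.Action) {
            if (action === LOGIN) {
                canLogin = canLogin || s.Resource === "*";
            } else if (s.Resource.indexOf("*") !== -1) {
                findings.push(`${action} is not scoped to a single repository`);
            } else if (known.indexOf(action) === -1) {
                findings.push(`${action} is outside the push/pull action set`);
            }
        }
    }
    if (!canLogin) findings.push(`${LOGIN} on Resource "*" is missing, so registry login will fail`);
    return findings;
}

// Constructed sample ARN (placeholder account id), one policy per role.
const SAMPLE_ARN = "arn:aws:ecr:us-east-1:123456789012:repository/my-repo";
const readerPolicy = ecrPolicyDocument(SAMPLE_ARN, "pull");
const publisherPolicy = ecrPolicyDocument(SAMPLE_ARN, "push");
```

In a Pulumi program the document would be passed as `policy: ecrRepository.arn.apply(arn => JSON.stringify(ecrPolicyDocument(arn, "pull")))` on an `aws.iam.Policy`, with one policy and one `aws.iam.UserPolicyAttachment` per user.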