
How do I establish an AWS ECR repository policy?

In this guide, we will create an Amazon Elastic Container Registry (ECR) repository and set a repository policy using Pulumi. This policy will define permissions for accessing the repository.

Key Points:

  • Create an ECR repository.
  • Define a repository policy to manage access permissions.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an ECR repository
const ecrRepository = new aws.ecr.Repository("my-repo", {
    name: "my-repo",
});

// Define the repository policy
const repositoryPolicy = new aws.ecr.RepositoryPolicy("repoPolicy", {
    repository: ecrRepository.name,
    policy: pulumi.output({
        Version: "2012-10-17",
        Statement: [
            {
                Sid: "AllowPushPull",
                Effect: "Allow",
                Principal: "*",
                Action: [
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:PutImage",
                    "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload",
                ],
            },
        ],
    }),
});

// Export the repository URL
export const repositoryUrl = ecrRepository.repositoryUrl;
```

Summary:

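In this setup, we created an AWS ECR repository and attached a policy to it. The policy allows any principal to perform actions such as pushing and pulling images from the repository. Because the statement sets `Principal: "*"`, the repository policy itself does not limit access to identities in the account that owns the repository; for anything beyond a demonstration, replace the wildcard with the specific IAM principals that need pull or push access. The repository URL is exported for use in other parts of your infrastructure.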
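
A scoped alternative to the wildcard statement above, as an added example that is not part of the original page or Pulumi's own code: it builds separate pull and push statements for named IAM principals and reports any statement that still grants access to a wildcard principal. The account ID, role names, and the helpers `buildScopedPolicy` and `findWildcardStatements` are assumptions made for illustration.

```typescript
// Added example; account IDs and role names are constructed placeholders.
type Principal = "*" | { AWS: string[] };
type Statement = { Sid: string; Effect: "Allow"; Principal: Principal; Action: string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

const PULL_ACTIONS = ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"];
// Pushing also needs BatchCheckLayerAvailability to skip layers already present.
const PUSH_ACTIONS = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:PutImage",
    "ecr:InitiateLayerUpload",
    "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload",
];

// Simplifying assumption: only IAM roles, users and account roots in the "aws" partition.
const IAM_ARN = /^arn:aws:iam::\d{12}:(root|(role|user)\/.+)$/;

// Build a policy with separate statements for named pull and push principals.
function buildScopedPolicy(pullArns: string[], pushArns: string[]): PolicyDocument {
    const bad = pullArns.concat(pushArns).filter(arn => !IAM_ARN.test(arn));
    if (pullArns.length === 0 || pushArns.length === 0 || bad.length > 0) {
        throw new Error("pull and push need explicit IAM ARNs; rejected: " + JSON.stringify(bad));
    }
    return {
        Version: "2012-10-17",
        Statement: [
            { Sid: "AllowPull", Effect: "Allow", Principal: { AWS: pullArns }, Action: PULL_ACTIONS },
            { Sid: "AllowPush", Effect: "Allow", Principal: { AWS: pushArns }, Action: PUSH_ACTIONS },
        ],
    };
}

// Return the Sid of every statement that grants access to a wildcard principal.
function findWildcardStatements(doc: PolicyDocument): string[] {
    return doc.Statement
        .filter(s => s.Principal === "*" || s.Principal.AWS.indexOf("*") !== -1)
        .map(s => s.Sid);
}

// The statement from the page, reduced to the fields the check reads.
const pagePolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Sid: "AllowPushPull", Effect: "Allow", Principal: "*", Action: PULL_ACTIONS.concat(PUSH_ACTIONS) }],
};
const scopedPolicy = buildScopedPolicy(
    ["arn:aws:iam::111122223333:role/app-runtime"],
    ["arn:aws:iam::111122223333:role/ci-publisher"],
);
console.log(findWildcardStatements(pagePolicy), findWildcardStatements(scopedPolicy));
```

To use the scoped document with the resource above, pass `JSON.stringify(scopedPolicy)` as the `policy` argument of `aws.ecr.RepositoryPolicy`.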
