How do I establish an AWS ECR repository policy?
In this guide, we will create an Amazon Elastic Container Registry (ECR) repository and set a repository policy using Pulumi. This policy will define permissions for accessing the repository.
Key Points:
- Create an ECR repository.
- Define a repository policy to manage access permissions.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an ECR repository
const ecrRepository = new aws.ecr.Repository("my-repo", {
    name: "my-repo",
});

// Define the repository policy and attach it to the repository by name
const repositoryPolicy = new aws.ecr.RepositoryPolicy("repoPolicy", {
    repository: ecrRepository.name,
    policy: pulumi.output({
        Version: "2012-10-17",
        Statement: [
            {
                Sid: "AllowPushPull",
                Effect: "Allow",
                // Wildcard principal: the statement is not limited to named IAM identities
                Principal: "*",
                Action: [
                    // Pull (read) actions
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "ecr:BatchCheckLayerAvailability",
                    // Push (write) actions
                    "ecr:PutImage",
                    "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart",
                    "ecr:CompleteLayerUpload",
                ],
            },
        ],
    }),
});

// Export the repository URL
export const repositoryUrl = ecrRepository.repositoryUrl;
```
Summary:
In this setup, we created an AWS ECR repository and attached a policy to it. The policy's single statement sets `Principal` to `"*"`, so it allows any principal to push images to and pull images from the repository. The repository URL is exported for use in other parts of your infrastructure.
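Because the statement above uses a wildcard principal with no `Condition`, the push actions are granted just as broadly as the pull actions. The following added example (not part of the original guide or of Pulumi's code) builds a policy that gives pull and push to separate named IAM principals and checks a policy document for unconditioned wildcard statements; the helper names `scopedRepositoryPolicy` and `wildcardStatements` and the ARNs are hypothetical.

```typescript
// Added example: plain TypeScript with no Pulumi imports, so it runs offline.
type Principal = "*" | { AWS: string | string[] };
interface Statement {
  Sid: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string[];
  Condition?: Record<string, unknown>;
}
interface PolicyDocument { Version: "2012-10-17"; Statement: Statement[] }

const PULL = ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"];
const PUSH = ["ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload"];

// Hypothetical helper: pull-only and push+pull access go to separate, named IAM principals.
function scopedRepositoryPolicy(pullArns: string[], pushArns: string[]): PolicyDocument {
  if (pullArns.length === 0 || pushArns.length === 0) throw new Error("principal lists must not be empty");
  for (const arn of [...pullArns, ...pushArns]) {
    // Rejects "*" and anything else that is not an IAM ARN.
    if (arn.indexOf("arn:aws:iam::") !== 0) throw new Error(`not an IAM ARN: ${arn}`);
  }
  return {
    Version: "2012-10-17",
    Statement: [
      { Sid: "AllowPull", Effect: "Allow", Principal: { AWS: pullArns }, Action: PULL },
      { Sid: "AllowPushPull", Effect: "Allow", Principal: { AWS: pushArns }, Action: [...PULL, ...PUSH] },
    ],
  };
}

// Hypothetical check: Sids of Allow statements open to a wildcard principal with no Condition.
function wildcardStatements(doc: PolicyDocument): string[] {
  const isWildcard = (p: Principal): boolean =>
    p === "*" || (Array.isArray(p.AWS) ? p.AWS : [p.AWS]).some((a) => a === "*");
  return doc.Statement
    .filter((s) => s.Effect === "Allow" && isWildcard(s.Principal) && !s.Condition)
    .map((s) => s.Sid);
}

// The statement from the guide above, reproduced as data for the check.
const guidePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Sid: "AllowPushPull", Effect: "Allow", Principal: "*", Action: [...PULL, ...PUSH] }],
};

// Constructed placeholder ARNs; substitute the roles that really need access.
const scoped = scopedRepositoryPolicy(
  ["arn:aws:iam::111122223333:role/app-runtime"],
  ["arn:aws:iam::111122223333:role/ci-publisher"],
);
```

To use the scoped document with the resource from the guide, pass `JSON.stringify(scoped)` as the `policy` argument of `aws.ecr.RepositoryPolicy`.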