How do I build an AWS ECR repository policy with Pulumi?
In this example, we will create an AWS Elastic Container Registry (ECR) repository and attach a policy to it using Pulumi in TypeScript. The policy will define the permissions for accessing the repository.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an ECR repository
const ecrRepository = new aws.ecr.Repository("my-repo");

// Define the policy for the ECR repository
const ecrPolicy = {
    Version: "2012-10-17",
    Statement: [
        {
            // Pull access. Principal "*" with no Condition lets any AWS
            // principal, in any account, pull images from this repository.
            Effect: "Allow",
            Principal: "*",
            Action: [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability"
            ]
        },
        {
            // ecr:PutImage, limited to principals in one AWS Organization.
            // "o-xxxxxxxxxx" is a placeholder for your organization ID.
            // A full image push also needs ecr:InitiateLayerUpload,
            // ecr:UploadLayerPart and ecr:CompleteLayerUpload.
            Effect: "Allow",
            Principal: "*",
            Action: "ecr:PutImage",
            Condition: {
                StringEquals: {
                    "aws:PrincipalOrgID": "o-xxxxxxxxxx"
                }
            }
        }
    ]
};

// Attach the policy to the ECR repository
const repositoryPolicy = new aws.ecr.RepositoryPolicy("my-repo-policy", {
    repository: ecrRepository.name,
    policy: JSON.stringify(ecrPolicy),
});

// Export the repository URL
export const repositoryUrl = ecrRepository.repositoryUrl;
```
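The check below is an added example, not part of the original answer or of Pulumi's API. It runs over the policy document above before it is passed to `JSON.stringify`, reports `Allow` statements that combine a wildcard principal with no `Condition`, and produces a copy limited to one organization. The type and function names (`PolicyDocument`, `findOpenStatements`, `restrictToOrg`) are assumptions made for the illustration.

```typescript
// Added example (not Pulumi's code): find Allow statements open to every AWS principal.
type Principal = "*" | { [kind: string]: string | string[] };
interface Statement {
    Effect: "Allow" | "Deny";
    Principal: Principal;
    Action: string | string[];
    Condition?: { [operator: string]: { [key: string]: string | string[] } };
}
interface PolicyDocument { Version: string; Statement: Statement[]; }

// True when the Principal element matches every AWS principal ("*", {AWS:"*"}, {AWS:["*"]}).
function isWildcardPrincipal(p: Principal): boolean {
    if (p === "*") return true;
    const aws = p["AWS"];
    if (aws === undefined) return false;
    return (Array.isArray(aws) ? aws : [aws]).indexOf("*") !== -1;
}

// Indexes of Allow statements with a wildcard principal and no Condition block.
// Heuristic: a Condition that is present is assumed to narrow the grant; review it separately.
function findOpenStatements(doc: PolicyDocument): number[] {
    const open: number[] = [];
    doc.Statement.forEach((s, i) => {
        const unconditioned = !s.Condition || Object.keys(s.Condition).length === 0;
        if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && unconditioned) open.push(i);
    });
    return open;
}
// Copy of the policy with every open statement limited to one AWS Organization.
function restrictToOrg(doc: PolicyDocument, orgId: string): PolicyDocument {
    const open = findOpenStatements(doc);
    const orgOnly = { StringEquals: { "aws:PrincipalOrgID": orgId } };
    return {
        Version: doc.Version,
        Statement: doc.Statement.map((s, i) => (open.indexOf(i) === -1 ? s : { ...s, Condition: orgOnly })),
    };
}

// The policy from this page; "o-xxxxxxxxxx" is the page's placeholder organization ID.
const pull = ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"];
const pagePolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [
        { Effect: "Allow", Principal: "*", Action: pull },
        { Effect: "Allow", Principal: "*", Action: "ecr:PutImage",
          Condition: { StringEquals: { "aws:PrincipalOrgID": "o-xxxxxxxxxx" } } },
    ],
};
const hardenedPolicy = restrictToOrg(pagePolicy, "o-xxxxxxxxxx");
console.log(findOpenStatements(pagePolicy), findOpenStatements(hardenedPolicy));
```

Passing `JSON.stringify(hardenedPolicy)` as the `policy` argument of `aws.ecr.RepositoryPolicy` applies the restricted version.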
Key Points
- We created an ECR repository using `aws.ecr.Repository`.
- Defined a policy that grants permissions to get and put images in the repository.
- Attached the policy to the ECR repository using `aws.ecr.RepositoryPolicy`.
- Exported the repository URL as a stack output.
Summary
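In this example, we demonstrated how to create an AWS ECR repository and attach a policy to it using Pulumi. The policy specifies who can access the repository: the first statement allows any principal to pull images, and the second allows `ecr:PutImage` only for principals in the AWS Organization named by `aws:PrincipalOrgID`.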