AWS ECR: Permit Cross Account Image Upload

Mar 07, 2022

AWS ECR: Permit Cross Account Image Upload

Amazon Web Services AWS Elastic Container Registry (ECR)

Kyler MiddletonCloud IAM Advocate at IAM Pulse

Website
Twitter
LinkedIn
GitHub

{{ }} Substitute variables

Adjust the variable values according to your preference.

Policy Code

Referenced from: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html

1{
2  "Version": "2012-10-17",
3  "Statement": [
4    {
5      "Sid": "AllowCrossAccountPush",
6      "Effect": "Allow",
7      "Principal": {
8        "AWS": "arn:aws:iam::{{remote-account-id}}:root"
9      },
10      "Action": [
11        "ecr:BatchCheckLayerAvailability",
12        "ecr:CompleteLayerUpload",
13        "ecr:InitiateLayerUpload",
14        "ecr:PutImage",
15        "ecr:UploadLayerPart"
16      ]
17    }
18  ]
19}

We send out a periodic newsletter full of tips & tricks, contributions from the community, commentary on the industry, relevant social posts, and more.

Checkout past issues for a sampling of the goods.

AWS ECR: Permit Cross Account Image Upload

Get the IAM Pulse Check Newsletter