Required IAM permissions for Amazon ECR public registries - Amazon ECR Public

When editing your Amazon ECR public registry settings to request a custom alias, the IAM principal must have permission to call the ecr-public:PutRegistryAlias API. This is a private API.

Note

Setting a Display name for your Amazon ECR public registry doesn't require any additional permissions.

The following IAM policy can be added as an inline policy to the principal that edits the public registry settings. Replace the example account ID (123456789012) in the policy with your own account ID.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ecr-public:PutRegistryAlias",
            "Resource": "arn:aws:ecr-public::123456789012:registry/*"
        }
    ]
}
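
The following Python check is an added example, not part of the AWS documentation. It finds the statements in a policy document that allow ecr-public:PutRegistryAlias, directly or through a wildcard action, and reports whether each one is limited to the registry ARN of the expected account, as in the policy above. The function names, the sample policy and its Sid values are constructed for illustration.

```python
import fnmatch
import json

ACTION = "ecr-public:PutRegistryAlias"

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_alias_grants(policy_json, account_id):
    """Return (sid_or_index, verdict, resources) for every Allow statement
    whose Action patterns match ecr-public:PutRegistryAlias."""
    expected_prefix = f"arn:aws:ecr-public::{account_id}:registry/"
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are outside this check
        # Action names are case-insensitive and may use * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(ACTION.lower(), p) for p in patterns):
            continue
        resources = _as_list(stmt.get("Resource"))
        scoped = bool(resources) and all(r.startswith(expected_prefix) for r in resources)
        findings.append((stmt.get("Sid", index), "scoped" if scoped else "too-broad", resources))
    return findings

# Constructed sample: the page's statement, a wildcard grant, an unrelated action.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AliasScoped", "Effect": "Allow", "Action": "ecr-public:PutRegistryAlias",
     "Resource": "arn:aws:ecr-public::123456789012:registry/*"},
    {"Sid": "PublicAdmin", "Effect": "Allow", "Action": "ecr-public:*", "Resource": "*"},
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": "ecr-public:DescribeRegistries",
     "Resource": "*"},
]})

if __name__ == "__main__":
    for sid, verdict, resources in audit_alias_grants(SAMPLE_POLICY, "123456789012"):
        print(f"{sid}: {verdict} {resources}")
```

A "too-broad" verdict means the statement allows the alias request on resources other than the expected account's registry, including a Resource of "*" or a registry ARN for a different account ID.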