
Granting registry permissions for pull through cache in Amazon ECR

You can use Amazon ECR private registry permissions to scope the permissions of individual IAM entities to use pull through cache. If an IAM policy grants an IAM entity more permissions than the registry permissions policy grants, the IAM policy takes precedence.

To create a private registry permissions policy (Amazon Web Services Management Console)
  1. Open the Amazon ECR console at https://console.amazonaws.cn/ecr/.

  2. From the navigation bar, choose the Region to configure your private registry permissions statement in.

  3. In the navigation pane, choose Private registry, Registry permissions.

  4. On the Registry permissions page, choose Generate statement.

  5. For each pull through cache permissions policy statement you want to create, do the following.

    1. For Policy type, choose Pull through cache policy.

    2. For Statement id, provide a name for the pull through cache policy statement.

    3. For IAM entities, specify the users, groups, or roles to include in the policy.

    4. For Repository namespace, select the pull through cache rule to associate the policy with.

    5. For Repository names, specify the repository base name to apply the rule for. For example, if you want to specify the Amazon Linux repository on Amazon ECR Public, the repository name would be amazonlinux.
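The inputs collected in step 5 (statement id, IAM entities, repository namespace, repository names) map onto one registry policy statement. The following is an added example, not code from the AWS documentation: it builds such a statement in Python and rejects wildcard principals or repository names that would widen the grant. The function names, the account ID `111122223333`, the role name, and the `ecr-public` namespace are assumptions made for illustration.

```python
import json
import re

# Actions a principal needs for pull through cache: create the cache
# repository on first pull and import the upstream image into it.
PTC_ACTIONS = ["ecr:CreateRepository", "ecr:BatchImportUpstreamImage"]
# ECR repository/namespace naming: lowercase segments joined by . _ - or /
NAME_RE = re.compile(r"[a-z0-9]+(?:[._/-][a-z0-9]+)*")


def ptc_statement(sid, principals, namespace, repo_names,
                  region, account, partition="aws-cn"):
    """Return one Allow statement scoped to named principals and repositories."""
    if not principals or not repo_names:
        raise ValueError("at least one principal and one repository name required")
    iam_prefix = f"arn:{partition}:iam::"
    for p in principals:
        # Refuse "*" and anything that is not an IAM entity ARN.
        if not p.startswith(iam_prefix) or "*" in p:
            raise ValueError(f"principal must be a specific IAM ARN: {p!r}")
    for name in [namespace, *repo_names]:
        # fullmatch also rejects wildcards, which would widen the grant.
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid namespace or repository name: {name!r}")
    base = f"arn:{partition}:ecr:{region}:{account}:repository/{namespace}"
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"AWS": sorted(principals)},
        "Action": PTC_ACTIONS,
        "Resource": [f"{base}/{name}" for name in repo_names],
    }


def registry_policy(statements):
    """Wrap statements in a policy document, refusing duplicate statement ids."""
    sids = [s["Sid"] for s in statements]
    if len(sids) != len(set(sids)):
        raise ValueError("statement ids must be unique")
    return {"Version": "2012-10-17", "Statement": list(statements)}


if __name__ == "__main__":
    # Constructed sample values (hypothetical account, role and namespace).
    stmt = ptc_statement(
        "AllowAmazonLinuxPullThrough",
        ["arn:aws-cn:iam::111122223333:role/ci-image-puller"],
        "ecr-public", ["amazonlinux"], "cn-north-1", "111122223333")
    print(json.dumps(registry_policy([stmt]), indent=2))
```

The printed JSON can be saved to a file and applied with `aws ecr put-registry-policy --policy-text file://policy.json` in the same Region chosen in step 2.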