Private registry permissions in Amazon ECR - Amazon ECR
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Private registry permissions in Amazon ECR

Amazon ECR uses a registry policy to grant permissions to an Amazon principal at the private registry level.

Amazon ECR allows all ECR actions in the policy and enforces the registry policy in all ECR requests. You can use registry policies to grant permissions for actions such as replication configuration, pull-through cache rule creation, and repository creation. For the full list of API actions, see the Amazon ECR API Guide. For information about general settings for your Amazon ECR private registry, see Private registry settings in Amazon ECR.

Note

While it is possible to add the ecr:* action to a private registry policy, it is considered best practice to only add the specific actions required based on the feature you're using rather than use a wildcard.
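
One way to check a registry policy against the best practice in the note above, as an added example that is not part of the Amazon ECR documentation: it flags Allow statements whose actions contain a wildcard. The function name wildcard_findings and both sample policies (account IDs, Region, Sids) are constructed for illustration; ecr:CreateRepository and ecr:ReplicateImage stand in for the specific actions a replication grant needs.

```python
import json

# Constructed sample policies: account IDs, Region and Sids are placeholders.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EverythingForPartner",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "ecr:*",
        "Resource": "arn:aws:ecr:us-west-2:444455556666:repository/*",
    }],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReplicationOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": ["ecr:CreateRepository", "ecr:ReplicateImage"],
        "Resource": "arn:aws:ecr:us-west-2:444455556666:repository/*",
    }],
})


def wildcard_findings(policy_json):
    """Return (sid, action) pairs for Allow statements that grant wildcard actions."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                        # a Deny wildcard narrows access; skip it
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:             # Allow + NotAction grants all but the list
            findings.append((sid, "NotAction"))
        actions = stmt.get("Action", [])
        if isinstance(actions, str):        # Action may be a string or a list
            actions = [actions]
        findings.extend((sid, a) for a in actions if "*" in a or "?" in a)
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, wildcard_findings(doc))
```

The policy text to check can be taken from the policyText field returned by aws ecr get-registry-policy.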