Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Create an IAM role for
repository creation templates
You can use the Amazon Web Services Management Console to create a role that can be used by Amazon ECR when you
specify the repository creation role in a repository creation template that is using
repository tags or KMS in a template.
- Amazon Web Services Management Console
-
To create a role.
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.
-
In the navigation pane of the console, choose
Roles and then choose Create
role.
-
Choose Custom trust policy role
type.
-
In the Custom trust policy section, paste
the custom trust policy listed below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ecr.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
-
Choose Next.
-
From the Add permissions page, select the
check box next to the custom policy you created earlier from the
list of Permissions policies and choose
Next.
-
For Role name, enter a name for your
role. Role names must be unique within your Amazon Web Services account. When
a role name is used in a policy or as part of an ARN, the role
name is case sensitive. When a role name appears to customers in
the console, such as during the sign-in process, the role name
is case insensitive. Because various entities might reference
the role, you can't edit the name of the role after it is
created.
-
(Optional) For Description, enter a
description for the new role.
-
Review the role and then choose Create
role.