Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).
Create a custom policy for repository creation templates
You can use the Amazon Web Services Management Console to define a policy and then attach it to an IAM role. That IAM role can be used as the repository creation role when you configure a repository creation template.
- Amazon Web Services Management Console
To use the JSON policy editor to create a custom policy for repository creation templates
- Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.
- In the navigation pane on the left, choose Policies.
- Choose Create policy.
- In the Policy editor section, choose the JSON option.
- Enter the following policy in the JSON field.
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Action": [
                  "ecr:CreateRepository",
                  "ecr:ReplicateImage",
                  "ecr:TagResource"
              ],
              "Resource": "*"
          },
          {
              "Effect": "Allow",
              "Action": [
                  "kms:CreateGrant",
                  "kms:RetireGrant",
                  "kms:DescribeKey"
              ],
              "Resource": "*"
          }
      ]
  }
- Resolve any security warnings, errors, or general warnings generated during policy validation, and then choose Next.
- When you are finished adding permissions to the policy, choose Next.
- On the Review and create page, type a Policy Name and a Description (optional) for the policy that you are creating. Review Permissions defined in this policy to see the permissions that are granted by your policy.
- Choose Create policy to save your new policy.
- To create a role that uses this policy for the creation template, see Create an IAM role for repository creation templates.
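The following Python sketch is an added example, not part of the AWS documentation. It reviews a copy of the policy above before you paste it into the JSON editor, flagging actions beyond the six listed on this page and `Allow` statements that use `"Resource": "*"` with no condition, and it shows the same policy narrowed to specific ARNs. The account ID, Region, repository prefix and key ID in `SCOPED_ARNS` are constructed placeholders, and the assumption that a narrowed policy still meets your template's needs should be tested in your own account.

```python
import copy

# Policy from this page, written as a Python dict.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ecr:CreateRepository", "ecr:ReplicateImage", "ecr:TagResource"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["kms:CreateGrant", "kms:RetireGrant", "kms:DescribeKey"]},
    ],
}
DOCUMENTED = {a.lower() for s in PAGE_POLICY["Statement"] for a in s["Action"]}

# Constructed placeholder ARNs (account ID, prefix and key ID are not from the page).
SCOPED_ARNS = {
    "ecr": ["arn:aws-cn:ecr:cn-north-1:111122223333:repository/team-a/*"],
    "kms": ["arn:aws-cn:kms:cn-north-1:111122223333:key/EXAMPLE-KEY-ID"],
}

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def review_policy(policy):
    """Return (statement index, finding) pairs for Allow statements."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action: {action}"))
            elif action.lower() not in DOCUMENTED:
                findings.append((i, f"not in the documented policy: {action}"))
        if "*" in as_list(stmt.get("Resource", [])) and "Condition" not in stmt:
            services = sorted({a.split(":")[0].lower() for a in actions})
            findings.append((i, f"unconditioned Resource * for {','.join(services)}"))
    return findings

def scope_resources(policy, arns_by_service):
    """Copy the policy, replacing Resource "*" in single-service statements."""
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        services = {a.split(":")[0].lower() for a in as_list(stmt["Action"])}
        if as_list(stmt["Resource"]) == ["*"] and len(services) == 1:
            stmt["Resource"] = arns_by_service.get(services.pop(), "*")
    return scoped
```

Calling `review_policy(PAGE_POLICY)` reports one wildcard-resource finding per statement, and `review_policy(scope_resources(PAGE_POLICY, SCOPED_ARNS))` returns an empty list.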