Private registry permissions in Amazon ECR

Amazon ECR uses a registry policy to grant permissions to an AWS principal at the private registry level.

Amazon ECR allows all ECR actions in the policy and enforces the registry policy in all ECR requests. You can use registry policies to grant permissions for actions such as replication configuration, pull-through cache rule creation, and repository creation. For the full list of API actions, see the Amazon ECR API Guide. For information about general settings for your Amazon ECR private registry, see Private registry settings in Amazon ECR.

Note

While it is possible to add the ecr:* action to a private registry policy, it is considered best practice to only add the specific actions required based on the feature you're using rather than use a wildcard.
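One way to check a registry policy against the note above before applying it: the following is an added example, not code from the Amazon ECR documentation. The function name, the sample policy, its Sids, account IDs and Region are constructed for illustration; flagging NotAction is an extra check beyond the wildcard case the note describes.

```python
import json

# Constructed sample registry policy; account IDs, Region and Sids are placeholders.
_PRINCIPAL = {"AWS": "arn:aws:iam::111122223333:root"}
_RESOURCE = "arn:aws:ecr:us-west-2:444455556666:repository/*"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Weak: the wildcard grants every ECR action to the principal.
            "Sid": "WildcardGrant", "Effect": "Allow", "Principal": _PRINCIPAL,
            "Action": "ecr:*", "Resource": _RESOURCE,
        },
        {   # Scoped: only the actions one feature (replication) needs.
            "Sid": "ReplicationOnly", "Effect": "Allow", "Principal": _PRINCIPAL,
            "Action": ["ecr:CreateRepository", "ecr:ReplicateImage"],
            "Resource": _RESOURCE,
        },
    ],
})


def _as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_registry_policy(policy_json):
    """Return (sid, issue) tuples for Allow statements broader than named actions."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction with Allow grants every action not listed"))
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:  # policy wildcard characters
                findings.append((sid, f"wildcard action: {action}"))
    return findings


if __name__ == "__main__":
    for sid, issue in audit_registry_policy(SAMPLE_POLICY):
        print(f"{sid}: {issue}")
```
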