AWS ECR (IAM)
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry for storing, managing, and deploying container images.
Common permissions
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:GetAuthorizationToken
- ecr:PutImage
- ecr:GetDownloadUrlForLayer
- ecr:TagResource
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:DescribeImages",
        "ecr:GetAuthorizationToken",
        "ecr:PutImage",
        "ecr:GetDownloadUrlForLayer",
        "ecr:TagResource"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid ecr:* — grants full control including repository deletion and image removal
- Avoid ecr:DeleteRepository unless needed — permanently removes all images in the repository
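The two warnings above can be checked mechanically before a policy is attached. The following is an added example, not code from this page or from AWS: a small Python linter that flags `ecr:*`, any action pattern that matches `ecr:DeleteRepository`, and `"Resource": "*"` on the repository-level actions listed above (`ecr:GetAuthorizationToken` is exempt because it only works with `"Resource": "*"`). The function and constant names are assumptions, and both sample policies are constructed inputs.

```python
import fnmatch

# Actions from the page's policy that accept a repository ARN as Resource.
# ecr:GetAuthorizationToken is left out: it only works with Resource "*".
REPO_SCOPED = {
    "ecr:describerepositories", "ecr:listimages", "ecr:describeimages",
    "ecr:putimage", "ecr:getdownloadurlforlayer", "ecr:tagresource",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_ecr_policy(policy):
    """Return (statement_index, finding) tuples for an IAM policy dict."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            pattern = action.lower()  # IAM action names are case-insensitive
            if pattern in ("*", "ecr:*"):
                findings.append((i, f"full control via {action}"))
            elif fnmatch.fnmatchcase("ecr:deleterepository", pattern):
                findings.append((i, f"ecr:DeleteRepository allowed via {action}"))
        broad = sorted(a for a in actions if a.lower() in REPO_SCOPED)
        if broad and "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, 'Resource "*" on ' + ", ".join(broad)))
    return findings

# Constructed inputs: the page's policy, and a policy that breaks both warnings.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages",
               "ecr:GetAuthorizationToken", "ecr:PutImage",
               "ecr:GetDownloadUrlForLayer", "ecr:TagResource"],
    "Resource": "*"}]}
RISKY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ecr:Delete*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("risky", RISKY_POLICY)):
        for idx, msg in lint_ecr_policy(pol):
            print(f"{name} statement {idx}: {msg}")
```

Run against the policy above, the linter reports only the `"Resource": "*"` finding, which is cleared by moving the six repository-level actions into a statement scoped to the repository ARN and keeping `ecr:GetAuthorizationToken` in its own statement.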
Resources
API
full doc /v1/iam/ecr