{"slug":"iam-aws-ecr","cloud":"aws","service":"ecr","title":"AWS ECR (IAM)","description":"Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry for storing, managing, and deploying container images.","category":"compute","common_permissions":["ecr:DescribeRepositories","ecr:ListImages","ecr:DescribeImages","ecr:GetAuthorizationToken","ecr:PutImage","ecr:GetDownloadUrlForLayer","ecr:TagResource"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ecr:DescribeRepositories\",\n        \"ecr:ListImages\",\n        \"ecr:DescribeImages\",\n        \"ecr:GetAuthorizationToken\",\n        \"ecr:PutImage\",\n        \"ecr:GetDownloadUrlForLayer\",\n        \"ecr:TagResource\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid ecr:* — grants full control including repository deletion and image removal","Avoid ecr:DeleteRepository unless needed — permanently removes all images in the repository"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/ecr/ecr.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:55.212Z","updated_at":"2026-06-14T04:48:55.212Z"}