Open srinivasaleti opened 1 year ago
Root Account
github_oidc
ecr_authorization_policy
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    }
  ]
}
```
ecr_push_image_policy
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "arn:aws:ecr:ap-south-1:157078391004:repository/myapp-repository"
    }
  ]
}
```
Create a policy that allows the secondary account to perform API calls against the image repository https://repost.aws/knowledge-center/secondary-account-access-ecr
Root Account
github_oidc role in root account
ecr_authorization_policy with below
ecr_push_image_policy with below permissions
github_oidc role
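For the cross-account step above, an ECR repository policy (attached to the repository itself, not to an IAM role) could look like the following. This is an added example, not part of the original issue: `<SECONDARY_ACCOUNT_ID>` is a placeholder, the `Sid` is made up for illustration, and the action list assumes the secondary account only needs to pull images.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSecondaryAccountPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<SECONDARY_ACCOUNT_ID>:root"
      },
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ]
    }
  ]
}
```

The secondary account's principals still need `ecr:GetAuthorizationToken` in their own identity policy, and naming a specific role ARN as the principal instead of the account root narrows the grant further.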