Permissions for @turbot/aws-ecr
Taking a look at permissions and associated grant levels for each permission for ECR:
| Permission | Grant Level | Help |
|---|---|---|
| ecr-public:BatchCheckLayerAvailability | Metadata | |
| ecr-public:BatchDeleteImage | Admin | |
| ecr-public:CompleteLayerUpload | Operator | |
| ecr-public:CreateRepository | Admin | |
| ecr-public:DeleteRepository | Admin | |
| ecr-public:DeleteRepositoryPolicy | Admin | |
| ecr-public:DescribeImageTags | Metadata | |
| ecr-public:DescribeImages | Metadata | |
| ecr-public:DescribeRegistries | Metadata | |
| ecr-public:DescribeRepositories | Metadata | |
| ecr-public:GetAuthorizationToken | Metadata | |
| ecr-public:GetRegistryCatalogData | Metadata | |
| ecr-public:GetRepositoryCatalogData | Metadata | |
| ecr-public:GetRepositoryPolicy | Metadata | |
| ecr-public:InitiateLayerUpload | Operator | |
| ecr-public:ListTagsForResource | Metadata | |
| ecr-public:PutImage | Admin | |
| ecr-public:PutRegistryCatalogData | Admin | |
| ecr-public:PutRepositoryCatalogData | Admin | |
| ecr-public:SetRepositoryPolicy | Admin | |
| ecr-public:TagResource | Operator | |
| ecr-public:UntagResource | Operator | |
| ecr-public:UploadLayerPart | Admin | |
| ecr:BatchCheckLayerAvailability | Metadata | |
| ecr:BatchDeleteImage | Admin | |
| ecr:BatchGetImage | Metadata | |
| ecr:BatchGetRepositoryScanningConfiguration | Metadata | |
| ecr:BatchImportUpstreamImage | Admin | |
| ecr:CompleteLayerUpload | Operator | |
| ecr:CreatePullThroughCacheRule | Admin | |
| ecr:CreateRepository | Admin | |
| ecr:DeleteLifecyclePolicy | Admin | |
| ecr:DeletePullThroughCacheRule | Admin | |
| ecr:DeleteRegistryPolicy | Admin | |
| ecr:DeleteRepository | Admin | |
| ecr:DeleteRepositoryPolicy | Admin | |
| ecr:DescribeImageReplicationStatus | Metadata | |
| ecr:DescribeImageScanFindings | Metadata | |
| ecr:DescribeImages | Metadata | |
| ecr:DescribePullThroughCacheRules | Metadata | |
| ecr:DescribeRegistry | Metadata | |
| ecr:DescribeRepositories | Metadata | |
| ecr:GetAuthorizationToken | Operator | "Authenticate with the registry to allow docker pull |
| ecr:GetDownloadUrlForLayer | ReadOnly | |
| ecr:GetLifecyclePolicy | Metadata | |
| ecr:GetLifecyclePolicyPreview | Metadata | |
| ecr:GetManifest | ReadOnly | "Unknown action (but listed in AWS policy generator) |
| ecr:GetRegistryPolicy | Metadata | |
| ecr:GetRegistryScanningConfiguration | Metadata | |
| ecr:GetRepositoryPolicy | Metadata | |
| ecr:InitiateLayerUpload | Operator | |
| ecr:ListImages | Metadata | |
| ecr:ListTagsForResource | Metadata | |
| ecr:PutImage | Admin | |
| ecr:PutImageScanningConfiguration | Admin | |
| ecr:PutImageTagMutability | Admin | |
| ecr:PutLifecyclePolicy | Admin | |
| ecr:PutRegistryPolicy | Admin | |
| ecr:PutRegistryScanningConfiguration | Admin | |
| ecr:PutReplicationConfiguration | Admin | |
| ecr:ReplicateImage | Admin | |
| ecr:SetRepositoryPolicy | Owner | Allows cross-account access. |
| ecr:StartImageScan | Admin | |
| ecr:StartLifecyclePolicyPreview | Admin | Admin can preview before creating a lifecycle policy. |
| ecr:TagResource | Operator | |
| ecr:UntagResource | Operator | |
| ecr:UploadLayerPart | Operator |