Permissions for @turbot/aws-ecr
The ECR permissions and the grant level associated with each:
Permission | Grant Level | Help |
---|---|---|
ecr-public:BatchCheckLayerAvailability | Metadata | |
ecr-public:BatchDeleteImage | Admin | |
ecr-public:CompleteLayerUpload | Operator | |
ecr-public:CreateRepository | Admin | |
ecr-public:DeleteRepository | Admin | |
ecr-public:DeleteRepositoryPolicy | Admin | |
ecr-public:DescribeImageTags | Metadata | |
ecr-public:DescribeImages | Metadata | |
ecr-public:DescribeRegistries | Metadata | |
ecr-public:DescribeRepositories | Metadata | |
ecr-public:GetAuthorizationToken | Metadata | |
ecr-public:GetRegistryCatalogData | Metadata | |
ecr-public:GetRepositoryCatalogData | Metadata | |
ecr-public:GetRepositoryPolicy | Metadata | |
ecr-public:InitiateLayerUpload | Operator | |
ecr-public:ListTagsForResource | Metadata | |
ecr-public:PutImage | Admin | |
ecr-public:PutRegistryCatalogData | Admin | |
ecr-public:PutRepositoryCatalogData | Admin | |
ecr-public:SetRepositoryPolicy | Admin | |
ecr-public:TagResource | Operator | |
ecr-public:UntagResource | Operator | |
ecr-public:UploadLayerPart | Admin | |
ecr:BatchCheckLayerAvailability | Metadata | |
ecr:BatchDeleteImage | Admin | |
ecr:BatchGetImage | Metadata | |
ecr:BatchGetRepositoryScanningConfiguration | Metadata | |
ecr:BatchImportUpstreamImage | Admin | |
ecr:CompleteLayerUpload | Operator | |
ecr:CreatePullThroughCacheRule | Admin | |
ecr:CreateRepository | Admin | |
ecr:DeleteLifecyclePolicy | Admin | |
ecr:DeletePullThroughCacheRule | Admin | |
ecr:DeleteRegistryPolicy | Admin | |
ecr:DeleteRepository | Admin | |
ecr:DeleteRepositoryPolicy | Admin | |
ecr:DescribeImageReplicationStatus | Metadata | |
ecr:DescribeImageScanFindings | Metadata | |
ecr:DescribeImages | Metadata | |
ecr:DescribePullThroughCacheRules | Metadata | |
ecr:DescribeRegistry | Metadata | |
ecr:DescribeRepositories | Metadata | |
ecr:GetAuthorizationToken | Operator | Authenticate with the registry to allow docker pull |
ecr:GetDownloadUrlForLayer | ReadOnly | |
ecr:GetLifecyclePolicy | Metadata | |
ecr:GetLifecyclePolicyPreview | Metadata | |
ecr:GetManifest | ReadOnly | Unknown action (but listed in AWS policy generator) |
ecr:GetRegistryPolicy | Metadata | |
ecr:GetRegistryScanningConfiguration | Metadata | |
ecr:GetRepositoryPolicy | Metadata | |
ecr:InitiateLayerUpload | Operator | |
ecr:ListImages | Metadata | |
ecr:ListTagsForResource | Metadata | |
ecr:PutImage | Admin | |
ecr:PutImageScanningConfiguration | Admin | |
ecr:PutImageTagMutability | Admin | |
ecr:PutLifecyclePolicy | Admin | |
ecr:PutRegistryPolicy | Admin | |
ecr:PutRegistryScanningConfiguration | Admin | |
ecr:PutReplicationConfiguration | Admin | |
ecr:ReplicateImage | Admin | |
ecr:SetRepositoryPolicy | Owner | Allows cross-account access. |
ecr:StartImageScan | Admin | |
ecr:StartLifecyclePolicyPreview | Admin | Admin can preview before creating a lifecycle policy. |
ecr:TagResource | Operator | |
ecr:UntagResource | Operator | |
ecr:UploadLayerPart | Operator | |