Amazon ECR
User Guide (API Version 2015-09-21)

Creating Amazon ECR IAM Policies

You can create specific IAM policies to restrict the calls and resources that users in your account have access to, and then attach those policies to IAM users.

When you attach a policy to a user or group of users, it allows or denies the users permission to perform the specified tasks on the specified resources. For more general information about IAM policies, see Permissions and Policies in the IAM User Guide. For more information about managing and creating custom IAM policies, see Managing IAM Policies.

To create an IAM policy for a user

  1. Open the IAM console at

  2. In the navigation pane, choose Policies, Create Policy.

  3. In the Create Policy section, choose Select next to Create Your Own Policy.

  4. For Policy Name, type your own unique name, such as AmazonECRUserPolicy.

  5. For Policy Document, paste the policy to apply to the user. You can use the managed policies as a starting point to create your own more or less restrictive IAM policies to use with Amazon ECR.

  6. Choose Create Policy.

To attach an IAM policy to a user

  1. Open the IAM console at

  2. In the navigation pane, choose Users and choose the user to which to attach the policy.

  3. Choose Permissions, Add permissions.

  4. In the Grant permissions section, choose Attach existing policies directly.

  5. Select the custom policy that you created in the previous procedure and choose Next: Review.

  6. Review your details and choose Add permissions.