Create a custom policy for repository creation templates
You can use the AWS Management Console to define a policy and then attach it to an IAM role. That IAM role can then be used as the repository creation role when you configure a repository creation template.
To use the JSON policy editor to create a custom policy for repository creation templates:
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane on the left, choose Policies.
- Choose Create policy.
- In the Policy editor section, choose the JSON option.
- Enter the following policy in the JSON field.
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "ecr:CreateRepository",
          "ecr:ReplicateImage",
          "ecr:TagResource"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "kms:CreateGrant",
          "kms:RetireGrant",
          "kms:DescribeKey"
        ],
        "Resource": "*"
      }
    ]
  }
- Resolve any security warnings, errors, or general warnings generated during policy validation, and then choose Next.
- When you are finished adding permissions to the policy, choose Next.
- On the Review and create page, type a Policy Name and a Description (optional) for the policy that you are creating. Review Permissions defined in this policy to see the permissions that are granted by your policy.
- Choose Create policy to save your new policy.
- To create a role and assign this policy to it for the creation template, see Create an IAM role for repository creation templates.
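
A check one might run on the policy document before attaching it, as an added example that is not part of the original page or AWS's own code: it lists the statements that allow their actions on every resource and rewrites them to specific ARNs. The account ID, Region, `prod` prefix, key ID and function names are constructed placeholders; that resource-scoped statements suit your templates is an assumption to confirm before use.

```python
import json

# The policy document from the procedure above, unchanged.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ecr:CreateRepository", "ecr:ReplicateImage", "ecr:TagResource"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["kms:CreateGrant", "kms:RetireGrant", "kms:DescribeKey"],
         "Resource": "*"},
    ],
}

def wildcard_statements(policy):
    """Return (index, actions) for every Allow statement whose Resource is the bare "*"."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        if stmt.get("Effect") == "Allow" and "*" in resources:
            actions = stmt["Action"]
            findings.append((i, [actions] if isinstance(actions, str) else list(actions)))
    return findings

def scope_policy(policy, resource_by_service):
    """Return a copy in which each wildcard statement is narrowed to the ARN
    configured for the service prefix of its actions ("ecr", "kms")."""
    scoped = json.loads(json.dumps(policy))  # deep copy; the input is left untouched
    for i, actions in wildcard_statements(policy):
        services = {a.split(":", 1)[0] for a in actions}
        if len(services) != 1:
            raise ValueError(f"statement {i} mixes services {sorted(services)}; split it first")
        service = services.pop()
        if service not in resource_by_service:
            raise ValueError(f"no ARN configured for service {service!r}")
        scoped["Statement"][i]["Resource"] = resource_by_service[service]
    return scoped

# Constructed placeholders (assumptions): account, Region, repository prefix, key ID.
PLACEHOLDER_ARNS = {
    "ecr": "arn:aws:ecr:us-east-1:111122223333:repository/prod/*",
    "kms": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
}

if __name__ == "__main__":
    print(json.dumps(scope_policy(PAGE_POLICY, PLACEHOLDER_ARNS), indent=2))
```

The printed document can be pasted into the JSON field in place of the wildcard version once the placeholders are replaced with your own values.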