There are more AWS SDK examples available in the AWS Doc SDK Examples
Use SetRepositoryPolicy
with an AWS SDK or CLI
The following code examples show how to use SetRepositoryPolicy
.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- CLI
-
- AWS CLI
-
To set the repository policy for a repository
The following
set-repository-policy
example attaches a repository policy contained in a file to thecluster-autoscaler
repository.aws ecr set-repository-policy \ --repository-name cluster-autoscaler \ --policy-text file://my-policy.json
Contents of
my-policy.json
:{ "Version" : "2008-10-17", "Statement" : [ { "Sid" : "allow public pull", "Effect" : "Allow", "Principal" : "*", "Action" : [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ] } ] }
Output:
{ "registryId": "012345678910", "repositoryName": "cluster-autoscaler", "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"allow public pull\",\n \"Effect\" : \"Allow\",\n \"Principal\" : \"*\",\n \"Action\" : [ \"ecr:BatchCheckLayerAvailability\", \"ecr:BatchGetImage\", \"ecr:GetDownloadUrlForLayer\" ]\n } ]\n}" }
-
For API details, see SetRepositoryPolicy
in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /** * Sets the repository policy for the specified ECR repository. * * @param repoName the name of the ECR repository. * @param iamRole the IAM role to be granted access to the repository. * @throws RepositoryPolicyNotFoundException if the repository policy does not exist. * @throws EcrException if there is an unexpected error setting the repository policy. */ public void setRepoPolicy(String repoName, String iamRole) { /* This example policy document grants the specified AWS principal the permission to perform the `ecr:BatchGetImage` action. This policy is designed to allow the specified principal to retrieve Docker images from the ECR repository. */ String policyDocumentTemplate = """ { "Version" : "2012-10-17", "Statement" : [ { "Sid" : "new statement", "Effect" : "Allow", "Principal" : { "AWS" : "%s" }, "Action" : "ecr:BatchGetImage" } ] } """; String policyDocument = String.format(policyDocumentTemplate, iamRole); SetRepositoryPolicyRequest setRepositoryPolicyRequest = SetRepositoryPolicyRequest.builder() .repositoryName(repoName) .policyText(policyDocument) .build(); CompletableFuture<SetRepositoryPolicyResponse> response = getAsyncClient().setRepositoryPolicy(setRepositoryPolicyRequest); response.whenComplete((resp, ex) -> { if (resp != null) { System.out.println("Repository policy set successfully."); } else { Throwable cause = ex.getCause(); if (cause instanceof RepositoryPolicyNotFoundException) { throw (RepositoryPolicyNotFoundException) cause; } else if (cause instanceof EcrException) { throw (EcrException) cause; } else { String errorMessage = "Unexpected error: " + cause.getMessage(); throw new RuntimeException(errorMessage, cause); } } }); response.join(); }
-
For API details, see SetRepositoryPolicy in AWS SDK for Java 2.x API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /** * Sets the repository policy for the specified ECR repository. * * @param repoName the name of the ECR repository. * @param iamRole the IAM role to be granted access to the repository. */ suspend fun setRepoPolicy( repoName: String?, iamRole: String?, ) { val policyDocumentTemplate = """ { "Version" : "2012-10-17", "Statement" : [ { "Sid" : "new statement", "Effect" : "Allow", "Principal" : { "AWS" : "$iamRole" }, "Action" : "ecr:BatchGetImage" } ] } """.trimIndent() val setRepositoryPolicyRequest = SetRepositoryPolicyRequest { repositoryName = repoName policyText = policyDocumentTemplate } EcrClient { region = "us-east-1" }.use { ecrClient -> val response = ecrClient.setRepositoryPolicy(setRepositoryPolicyRequest) if (response != null) { println("Repository policy set successfully.") } } }
-
For API details, see SetRepositoryPolicy
in AWS SDK for Kotlin API reference.
-