# Identity-Based Policy for ECR [TOC] ###### tags: `aws` `iam` `ecr` --- ## Accessing Amazon ECR Repositories Granting an IAM user in AWS account access to all of your Amazon ECR repositories, allowing the user to push, pull, and list images. ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "ListImagesInRepository", "Effect": "Allow", "Action": [ "ecr:ListImages" ], "Resource": "arn:aws:ecr:{REGION}:{ACCOUNT_ID}:repository/{REPOSITORY}" }, { "Sid": "GetAuthorizationToken", "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": "*" }, { "Sid": "ManageRepositoryContents", "Effect": "Allow", "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage" ], "Resource": "arn:aws:ecr:{REGION}:{ACCOUNT_ID}:repository/{REPOSITORY}" } ] } ``` ### `{REGION}` | Region | Region Name | | ---------------- | ------------------------- | | `us-east-2` | US East (Ohio) | | `us-east-1` | US East (N. Virginia) | | `us-west-1` | US West (N. California) | | `us-west-2` | US West (Oregon) | | `af-south-1` | Africa (Cape Town) | | `ap-east-1` | Asia Pacific (Hong Kong) | | `ap-southeast-3` | Asia Pacific (Jakarta) | | `ap-south-1` | Asia Pacific (Mumbai) | | `ap-northeast-3` | Asia Pacific (Osaka) | | `ap-northeast-2` | Asia Pacific (Seoul) | | `ap-southeast-1` | Asia Pacific (Singapore) | | `ap-southeast-2` | Asia Pacific (Sydney) | | `ap-northeast-1` | Asia Pacific (Tokyo) | | `ca-central-1` | Canada (Central) | | `eu-central-1` | Europe (Frankfurt) | | `eu-west-1` | Europe (Ireland) | | `eu-west-2` | Europe (London) | | `eu-south-1` | Europe (Milan) | | `eu-west-3` | Europe (Paris) | | `eu-north-1` | Europe (Stockholm) | | `me-south-1` | Middle East (Bahrain) | | `sa-east-1` | South America (São Paulo) | | `us-gov-east-1` | AWS GovCloud (US-East) | | `us-gov-west-1` | AWS GovCloud (US-West) | ## Reference - [Amazon Elastic Container Registry Identity-Based Policy Examples](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.html)