
RegistryPolicy

The RegistryPolicy resource manages the private registry policy for Amazon Elastic Container Registry (ECR). A registry policy is a resource-based policy attached to the registry as a whole (one policy per account and region) and controls registry-level actions, chiefly cross-account replication (ecr:ReplicateImage, together with ecr:CreateRepository so replication can create destination repositories that do not exist yet) and pull through cache imports (ecr:BatchImportUpstreamImage). Permissions on individual repositories and their images, such as pushing and pulling, are granted by repository policies, not by the registry policy. For more information, visit the AWS ECR RegistryPolicy documentation.

Create a basic registry policy that grants every ecr: action to a specific IAM role. Granting ecr:* on Resource "*" is broader than any registry policy needs; in practice, list only the registry-level actions the principal must perform and scope Resource to repository ARNs in this registry.

import AWS from "alchemy/aws/control";

// Registry policy granting one role every ecr: action on every resource.
// This is the broadest possible grant; narrow Action and Resource in real use.
const basicRegistryPolicy = await AWS.ECR.RegistryPolicy("basicRegistryPolicy", {
  PolicyText: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyECRAccessRole"
        },
        Action: "ecr:*",
        Resource: "*"
      }
    ]
  }
});

Define a registry policy with multiple statements: an Allow for one role narrowed by a Condition block, and an explicit Deny for another role. As in any IAM policy, an explicit Deny takes precedence over an Allow, so the Deny statement holds even if another statement in the same policy would grant the action.

const advancedRegistryPolicy = await AWS.ECR.RegistryPolicy("advancedRegistryPolicy", {
  PolicyText: {
    Version: "2012-10-17",
    Statement: [
      {
        // Allow one role a single action, further narrowed by the Condition.
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyECRAccessRole"
        },
        Action: "ecr:PutImage",
        Resource: "*",
        Condition: {
          StringEquals: {
            "ecr:repositoryName": "my-repo"
          }
        }
      },
      {
        // Explicit Deny: wins over any Allow for this role and action.
        Effect: "Deny",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/RestrictedRole"
        },
        Action: "ecr:DeleteRepository",
        Resource: "*"
      }
    ]
  }
});
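As an added example (not code from the Alchemy docs or from AWS), the following TypeScript builds the kind of policy document a registry policy exists for, a cross-account replication grant scoped to this registry's repository ARNs, and lints a policy document for the mistakes that matter in a registry policy: a wildcard principal, a wildcard action, an unscoped Resource, and actions the registry policy does not govern. It serves both the basic and the advanced examples above. The account IDs 123456789012 and 111122223333 and the region us-east-1 are placeholders, and the list of registry-level actions is my assumption based on the replication and pull through cache actions AWS documents.

```typescript
// Added example; not part of the Alchemy docs or of AWS's own code.
// Assumptions: this registry is account 123456789012 in us-east-1 and the
// replication source is account 111122223333 (both documentation placeholders).

type Principal = "*" | { AWS: string | string[] };

interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string | string[]>>;
}

interface PolicyDocument {
  Version: "2012-10-17";
  Statement: Statement[];
}

// Registry-level actions a registry policy governs. Assumption: the actions
// documented for replication and pull through cache; extend if AWS adds more.
const REGISTRY_LEVEL_ACTIONS = new Set([
  "ecr:ReplicateImage",
  "ecr:CreateRepository",
  "ecr:BatchImportUpstreamImage",
]);

const asList = <T>(v: T | T[]): T[] => (Array.isArray(v) ? v : [v]);

// Policy document allowing sourceAccount to replicate images into this registry.
function replicationRegistryPolicy(
  registryAccount: string,
  region: string,
  sourceAccount: string,
): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "ReplicationAccessCrossAccount",
        Effect: "Allow",
        // Trust the source account; its own IAM policies decide which roles
        // there may actually call ReplicateImage.
        Principal: { AWS: `arn:aws:iam::${sourceAccount}:root` },
        // ReplicateImage writes the image; CreateRepository lets replication
        // create a destination repository that does not exist yet.
        Action: ["ecr:ReplicateImage", "ecr:CreateRepository"],
        // Scoped to repositories in this registry instead of "*".
        Resource: `arn:aws:ecr:${region}:${registryAccount}:repository/*`,
      },
    ],
  };
}

interface Finding {
  sid: string;
  issue: string;
}

// Flags over-broad Allow statements; Deny statements only narrow access.
function lintRegistryPolicy(doc: PolicyDocument): Finding[] {
  const findings: Finding[] = [];
  doc.Statement.forEach((s, i) => {
    const sid = s.Sid ?? `Statement[${i}]`;
    if (s.Effect !== "Allow") return;
    if (s.Principal === "*" || asList(s.Principal.AWS).includes("*")) {
      findings.push({ sid, issue: 'Principal "*" grants every AWS account' });
    }
    for (const action of asList(s.Action)) {
      if (action === "ecr:*" || action === "*") {
        findings.push({ sid, issue: `${action} is broader than any registry policy needs` });
      } else if (!REGISTRY_LEVEL_ACTIONS.has(action)) {
        findings.push({ sid, issue: `${action} is repository-level; grant it in a repository policy` });
      }
    }
    if (asList(s.Resource).includes("*")) {
      findings.push({ sid, issue: 'Resource "*" is not scoped to this registry\'s repository ARNs' });
    }
  });
  return findings;
}

// Policy shaped like the basic example above, kept for comparison.
const overlyBroad: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: { AWS: "arn:aws:iam::123456789012:role/MyECRAccessRole" },
      Action: "ecr:*",
      Resource: "*",
    },
  ],
};

const replication = replicationRegistryPolicy("123456789012", "us-east-1", "111122223333");
// The same object is what you would pass as PolicyText to AWS.ECR.RegistryPolicy.
const replicationJson = JSON.stringify(replication, null, 2);
console.log(replicationJson);
console.log(lintRegistryPolicy(overlyBroad));
```

Pass the object returned by replicationRegistryPolicy as PolicyText, and run lintRegistryPolicy over every policy document in the stack before deploying: it returns no findings for the replication grant and flags both the ecr:* action and the unscoped Resource in the broad policy.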

Create a registry policy that adopts the existing policy if the registry already has one, instead of failing with an already-exists error. Because a registry has exactly one policy per region, the PolicyText given here becomes the desired state of that policy, so review what is currently attached before adopting it.

const adoptRegistryPolicy = await AWS.ECR.RegistryPolicy("adoptRegistryPolicy", {
  PolicyText: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyECRAccessRole"
        },
        Action: "ecr:BatchGetImage",
        Resource: "*"
      }
    ]
  },
  // Take over an existing registry policy rather than failing on create.
  adopt: true
});