AWS ECR 用户无权执行:ecr-public:GetAuthorizationToken 对资源:*
[英]AWS ECR user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
问题描述
I am facing the following issue when attempting to retrieve an authentication token and authenticate your Docker client to your registry:
尝试检索身份验证令牌并向您的注册表验证您的 Docker 客户端时,我遇到了以下问题:
user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
I was able to push an image to my private repository just fine without issue.我能够毫无问题地将图像推送到我的私人存储库。 I am using an EC2 ubuntu image to perform these push commands found in AWS dashboard.我正在使用 EC2 ubuntu 图像来执行 AWS 仪表板中的这些推送命令。 I made sure the user has role: AmazonEC2ContainerRegistryFullAccess我确保用户具有角色: AmazonEC2ContainerRegistryFullAccess
2 个解决方案
解决方案1
4 2021-01-14 21:34:03
I found the following roles to work.我发现以下角色可以工作。 Make sure you attach these policies to your group or user in IAM:确保将这些策略附加到 IAM 中的组或用户:
Private registry: AmazonEC2ContainerRegistryFullAccess私有注册表: AmazonEC2ContainerRegistryFullAccess
Public registry: AmazonElasticContainerRegistryPublicFullAccess公共注册表: AmazonElasticContainerRegistryPublicFullAccess
解决方案2
1 2021-01-17 01:55:30
As per ECR Public docs , IAM principals need the following two actions to call GetAuthorizationToken :根据ECR Public docs ,IAM 委托人需要以下两个操作来调用GetAuthorizationToken :
-
ecr-public:GetAuthorizationToken -
sts:GetServiceBearerToken
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.