[英]AWS ECR user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
I am facing the following issue when attempting to retrieve an authentication token and authenticate your Docker client to your registry:尝试检索身份验证令牌并向您的注册表验证您的 Docker 客户端时,我遇到了以下问题:
user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
I was able to push an image to my private repository just fine without issue.我能够毫无问题地将图像推送到我的私人存储库。 I am using an EC2 ubuntu image to perform these push commands found in AWS dashboard.
我正在使用 EC2 ubuntu 图像来执行 AWS 仪表板中的这些推送命令。 I made sure the user has role:
AmazonEC2ContainerRegistryFullAccess
我确保用户具有角色:
AmazonEC2ContainerRegistryFullAccess
I found the following roles to work.我发现以下角色可以工作。 Make sure you attach these policies to your group or user in IAM:
确保将这些策略附加到 IAM 中的组或用户:
Private registry: AmazonEC2ContainerRegistryFullAccess私有注册表: AmazonEC2ContainerRegistryFullAccess
Public registry: AmazonElasticContainerRegistryPublicFullAccess公共注册表: AmazonElasticContainerRegistryPublicFullAccess
As per ECR Public docs , IAM principals need the following two actions to call GetAuthorizationToken
:根据ECR Public docs ,IAM 委托人需要以下两个操作来调用
GetAuthorizationToken
:
ecr-public:GetAuthorizationToken
sts:GetServiceBearerToken
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.