AWS ECR user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
Question
I am facing the following issue when attempting to retrieve an authentication token and authenticate your Docker client to your registry:
user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
I was able to push an image to my private repository just fine without issue. I am using an EC2 ubuntu image to perform these push commands found in AWS dashboard. I made sure the user has role: AmazonEC2ContainerRegistryFullAccess
2 answers
solution1
4 2021-01-14 21:34:03
I found the following roles to work. Make sure you attach these policies to your group or user in IAM:
Private registry: AmazonEC2ContainerRegistryFullAccess
Public registry: AmazonElasticContainerRegistryPublicFullAccess
solution2
1 2021-01-17 01:55:30
As per ECR Public docs , IAM principals need the following two actions to call GetAuthorizationToken :
-
ecr-public:GetAuthorizationToken -
sts:GetServiceBearerToken
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.