I am facing the following issue when attempting to retrieve an authentication token and authenticate your Docker client to your registry:
user is not authorized to perform: ecr-public:GetAuthorizationToken on resource: *
I was able to push an image to my private repository just fine without issue. I am using an EC2 ubuntu image to perform these push commands found in AWS dashboard. I made sure the user has role: AmazonEC2ContainerRegistryFullAccess
I found the following roles to work. Make sure you attach these policies to your group or user in IAM:
Private registry: AmazonEC2ContainerRegistryFullAccess
Public registry: AmazonElasticContainerRegistryPublicFullAccess
As per ECR Public docs , IAM principals need the following two actions to call GetAuthorizationToken
:
ecr-public:GetAuthorizationToken
sts:GetServiceBearerToken
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.