
ECR Policy Mapped to VPC Endpoint

I am looking for a policy that rejects all access to ECR unless you are coming from a specific VPC endpoint. This is what I have below.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:ListImage",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-XXXXXXX"
        }
      }
    }
  ]
}

I can list images both on my local computer and through my EC2 instance that is connected to the VPC endpoint.

Note that the bucket policy below works and rejects all access to list objects in the bucket unless on the VPC endpoint.

{
    "Version": "2012-10-17",
    "Id": "VPCe",
    "Statement": [
        {
            "Sid": "VPCe",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": [
                "arn:aws:s3:::XXXXXX",
                "arn:aws:s3:::XXXXXXX/*"
            ],
            "Condition": {
                "StringNotEquals": {
                    "aws:SourceVpce": "vpce-XXXXXXXXXXX"
                }
            }
        }
    ]
}

Try adding "Resource": "*" in your first statement
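As an added illustration of the point in this answer (editor's example, not code from either poster), a small checker that flags a VPC-endpoint Deny statement with no Resource element, an ECR action name that is not a real action, or a missing aws:SourceVpce comparison. The list of recognised ECR actions is the editor's own subset, and the sample policy is constructed from the question.

```python
import json

# Subset of real ECR API action names the checker recognises (editor's list; extend as needed).
KNOWN_ECR_ACTIONS = {
    "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:CompleteLayerUpload",
    "ecr:GetDownloadUrlForLayer", "ecr:InitiateLayerUpload", "ecr:ListImages",
    "ecr:PutImage", "ecr:UploadLayerPart", "ecr:GetAuthorizationToken",
    "ecr:DescribeRepositories", "ecr:DescribeImages",
}


def lint_vpce_deny_policy(policy: dict) -> list:
    """Return findings for Deny statements meant to restrict access to one VPC endpoint."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # The point raised in the answer above: the statement names no Resource at all.
        if "Resource" not in stmt:
            findings.append(f'{sid}: Deny statement has no Resource element (add "Resource": "*")')
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for action in actions:
            if action.startswith("ecr:") and action not in KNOWN_ECR_ACTIONS:
                # A misspelt action denies nothing; suggest the closest known name by prefix.
                close = [a for a in sorted(KNOWN_ECR_ACTIONS)
                         if a.startswith(action) or action.startswith(a)]
                hint = f" (did you mean {close[0]}?)" if close else ""
                findings.append(f"{sid}: unrecognised action {action}{hint}")
        vpce = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:SourceVpce")
        if not isinstance(vpce, str) or not vpce.startswith("vpce-"):
            findings.append(f"{sid}: condition does not compare aws:SourceVpce with a vpce-... id")
    return findings


# Constructed sample: the statement from the question (no Resource, one misspelt action).
BROKEN_POLICY = json.loads("""{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "Statement1", "Effect": "Deny", "Principal": "*",
    "Action": ["ecr:BatchGetImage", "ecr:ListImage", "ecr:PutImage"],
    "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-XXXXXXX"}}
  }]
}""")

if __name__ == "__main__":
    for finding in lint_vpce_deny_policy(BROKEN_POLICY):
        print(finding)
```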

The second policy may work, but it is important to understand why. An IAM rule applies if and only if it matches a supported combination of all the attributes. For example, according to https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-bucket the ListBucket action requires a bucket resource ARN. The bucket ARN looks like this:

arn:${Partition}:s3:::${BucketName}

while an object ARN looks like this:

arn:${Partition}:s3:::${BucketName}/${ObjectName}

Both are described on the same page. Note that the object ARN has a mandatory slash '/' character. You can try this: if you remove "arn:aws:s3:::XXXXXXX/*" from your bucket policy, it will still work, but if you remove "arn:aws:s3:::XXXXXX" the policy will stop working.

In your condition you use aws:SourceVpce, which is not documented for the S3 service (still the same link). This is because it has nothing to do with the S3 service. It is related to VPC Endpoints, as described here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html . From that I assume that you did create a VPC endpoint for S3 in your VPC. This is why your S3 policy does work.

By default, AWS API calls use public endpoints unless something else is documented. A service VPC endpoint can create a DNS alias, and because the AWS API is based on HTTPS, everything works without any change.

ECR seems to support VPC endpoints: https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html

And the list of global condition keys does mention the sourcevpce key: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcevpce

ONLY Gateway Endpoints seem to support the sourcevpce key, and only S3 and DynamoDB are listed under services supporting Gateway Endpoints: https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html If a combination of a condition key and resource ARN is not supported, I would expect the rule to be ignored.

You mention that the S3 policy is a bucket policy, but is the ECR one a resource policy for every single ECR repository you have?
