[英]Question about configuring policy for uploading docker image to ECR in Jenkins
我創建了一個新角色,用於使用 Jenkins 將 docker 圖像上傳到 ECR,我附上了我在這里找到的這個政策
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"ListImagesInRepository",
"Effect":"Allow",
"Action":[
"ecr:ListImages"
],
"Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
},
{
"Sid":"GetAuthorizationToken",
"Effect":"Allow",
"Action":[
"ecr:GetAuthorizationToken"
],
"Resource":"*"
},
{
"Sid":"ManageRepositoryContents",
"Effect":"Allow",
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
}
]
}
我在 Policy Simulator 中測試,它給了我拒絕:
我懷疑 ARN 有問題,我只找到了一個 URL 用於 ECR 回購,但我根據示例更改了格式,有人可以幫助我嗎? 現在已經為它苦苦掙扎了很長時間。
問題出在Simulation Resource
上。 您正在測試*
,但您的政策明智地不允許全部。 您應該針對您需要訪問的資源的實際 ARN 對其進行測試。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.