fix(cli): image publishing role doesn't have docker pull permissions (#14662)

Using a common docker asset as base image for other docker assets requires
the image publishing role to have the `ecr:BatchGetImage`, `ecr:GetDownloadUrlForLayer`
and `ecr:InitiateLayerUpload` permissions.

Closes #14656


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
jogold authored Jun 4, 2021
1 parent f932e0f commit beaffa9
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Expand Up @@ -342,6 +342,8 @@ Resources:
- ecr:BatchCheckLayerAvailability
- ecr:DescribeRepositories
- ecr:DescribeImages
- ecr:BatchGetImage
- ecr:GetDownloadUrlForLayer
Resource:
Fn::Sub: "${ContainerAssetsRepository.Arn}"
Effect: Allow
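
Review bot: the two added actions, `ecr:BatchGetImage` and `ecr:GetDownloadUrlForLayer`, do not match the commit message, which also names `ecr:InitiateLayerUpload` as required. That action is neither among the added lines nor in the visible context of this action list, so either confirm it is already granted earlier in the same statement (before line 342) and say so in the message, or add it here. Keeping the grant on `${ContainerAssetsRepository.Arn}` rather than widening `Resource` is the right scope for pull access. Because the commit changes only this template, it would also help to state that already-bootstrapped environments need the bootstrap stack updated before the publishing role receives the new actions.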