(cli): ImagePublishingRoleDefaultPolicy in bootstrap template should have docker pull permissions #14656
Closed
1 of 2 tasks
Labels
@aws-cdk/aws-ecr
Related to Amazon Elastic Container Registry
effort/small
Small work item – less than a day of effort
feature-request
A feature should be added or improved.
p1
package/tools
Related to AWS CDK Tools or CLI
Using a common docker asset as base image for other docker assets requires the image publishing role to have the
ecr:BatchGetImage
,ecr:GetDownloadUrlForLayer
andecr:InitiateLayerUpload
permissions.The comment here implies that it should be possible:
aws-cdk/packages/cdk-assets/lib/private/handlers/container-images.ts
Lines 34 to 35 in 0ea24e9
This is #6466 but for the new style stack synthesis.
Use Case
Consider the following pattern to "reuse" a common docker asset as base image in other docker assets:
Proposed Solution
Add the
ecr:BatchGetImage
,ecr:GetDownloadUrlForLayer
andecr:InitiateLayerUpload
in the bootstrap template.Other
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: