Skip to content

Instantly share code, notes, and snippets.

@KyMidd

KyMidd/hub_ecr_repository_policy.tf

Created June 20, 2021 18:28
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save KyMidd/b7d17f9580a31887bb24e1fa38635dd8 to your computer and use it in GitHub Desktop.
Save KyMidd/b7d17f9580a31887bb24e1fa38635dd8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hub_ecr_repository_policy.tf
resource "aws_ecr_repository_policy" "hub_ecr_repository_policy" {
repository = aws_ecr_repository.hub_ecr_repository.name
policy = jsonencode(
{
"Version" : "2008-10-17",
"Statement" : [
{
"Sid" : "AllowSpokeAccountsToPull",
"Effect" : "Allow",
"Principal" : {
"AWS" : [
"arn:aws:iam::1234567890:root"
]
},
"Action" : [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
]
}
]
}
)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment