Mathias Lykkegaard Lorenzen
Reputation: 15896
AWS restrict specific ECR images to specific IAM users?
I'm running a Docker host based on AWS Lightsail targeted individuals for hosting their spare time smaller scale projects.
I'd love to also offer Docker image hosting via AWS ECR, but obviously I wouldn't want one customer's images to be accessible by another customer.
I'd like to use one AWS account for hosting everything on, so that my customers won't need to create an AWS account to get started.
Is that possible somehow? Can I create individual IAM users which only have read and write access to specific images?
Upvotes: 1
Views: 832
Answers (1)
John Hanley
Reputation: 81414
One solution is to use different repositories and policies for each user.
Amazon ECR Repository Policies
Upvotes: 2
Related Questions
- Use ECR images in EKS from another account
- AWS Allow Cross-account EKS Cluster to Pull Images from ECR
- AWS IAM - Deny certain EC2 actions based on resource tags?
- AWS IAM, restricting an account to see and access only resources created by itself?
- How to attach IAM roles to EC2 instances so they can pull an specific image from ECR in Terraform
- How can I restrict AWS AMI usage by owner in an IAM policy?
- Limit users from pushing/pulling specific Docker images in AWS ECS Repo
- How to restrict image acess to authorized website users only
- How to allow image tagging with least privileges
- How can I limit EC2 describe images permissions?