我正在尝试设置对 ECR 存储库的跨账户访问。 我让它工作的唯一方法是为每个存储库单独设置权限。
{
"Statement": [
{
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage"
],
"Principal": {
"AWS": [
"arn:aws:iam::my-other-cross-account:root"
]
},
"Effect": "Allow",
"Sid": "new statement"
}
],
"Version": "2008-10-17"
}
但我有很多存储库,我只想做一次,适用于所有存储库。 我还设置了要从其他帐户承担的 iam 全局角色,但它不起作用,使其起作用的唯一方法是为每个存储库单独设置。
谢谢