使用 aws CLI,我试图找到一种方法将帐户 ID 添加到 ecr 图像存储库权限,而无需重写整个 json。有没有简单的方法可以做到这一点?
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowCrossAccountPull",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::111:root",
"arn:aws:iam::222:root",
"arn:aws:iam::333:root",
"arn:aws:iam::444:root",
"arn:aws:iam::<ADD_NEW_ACCOUNT_HERE>:root",
]
},
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeImageScanFindings",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource"
]
}
]
}