Expected behavior
Docker should pull the image from AWS ECR on an AWS EC2 instance with an AWS EC2 role/policy and permission to all resources on the AWS ECR repository.
Actual behavior
Not able to pull image
Getting “unauthorized: authentication required”.
Additional Information
Steps to reproduce the behavior
- Assign AmazonEC2ContainerRegistryReadOnly policy to a role and the role to EC2 instance.
- Use the below policy document to add permission to the AWS ECR repository.
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "new policy",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:BatchGetImage"
      ]
    }
  ]
}
Let me know if this is possible.
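An added example, not part of the original post: a small check that reads a repository policy like the one above and reports every `Allow` statement whose `Principal` is a wildcard with no `Condition`, meaning the listed actions are not restricted to a specific account or role. The function names, the scoped variant, and the role ARN (account ID `111122223333`, role `example-ec2-pull-role`) are constructed for illustration.

```python
import json

# Constructed sample: the repository policy from the post, in valid JSON.
POSTED_POLICY = """
{"Version": "2008-10-17",
 "Statement": [{
   "Sid": "new policy", "Effect": "Allow", "Principal": "*",
   "Action": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
              "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy",
              "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage"]}]}
"""

# Constructed variant: the same statement scoped to one role (placeholder ARN).
SCOPED_POLICY = POSTED_POLICY.replace(
    '"Principal": "*"',
    '"Principal": {"AWS": "arn:aws:iam::111122223333:role/example-ec2-pull-role"}')


def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for "*" and for forms such as {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def find_open_statements(policy_text):
    """Return (sid, actions) for each unconditioned Allow open to any principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # a Condition may narrow the wildcard; review those by hand
        if _is_wildcard_principal(stmt.get("Principal")):
            findings.append((stmt.get("Sid", ""), _as_list(stmt.get("Action", []))))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_POLICY), ("scoped", SCOPED_POLICY)):
        for sid, actions in find_open_statements(text):
            print(f"{name}: statement {sid!r} allows any principal: {actions}")
```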