This message was deleted.

sparse-intern-71089

12/17/2020, 1:52 PM

This message was deleted.

billowy-army-68599

12/17/2020, 5:44 PM

hey! Just to make sure I'm understanding you have account A with an ECS cluster and task and then account B with an ECR repository where you want to pull images from right?

fierce-ability-58936

12/17/2020, 7:51 PM

Hey Jim, looks like this question is more about AWS rather than Pulumi? I haven’t tried this solution but it might work: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html

Copy code

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowCrossAccountPush",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::account-id:root"
      },
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"
      ]
    }
  ]
}

bored-flower-84342

12/17/2020, 8:06 PM

thanks @fierce-ability-58936

bored-flower-84342

12/17/2020, 8:08 PM

whats not clear is it looks like you can set the resource policy on the repository, but you can also set on the registry

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.