elastic-ci-stack-for-aws icon indicating copy to clipboard operation
elastic-ci-stack-for-aws copied to clipboard

Published 20 hours ago verified publisher icon buildkite

Add new values for ECRAccessPolicy that include `ecr:BatchImportUpstreamImage`

Open triarius opened this issue 1 year ago • 1 comments

This IAM permission is necessary to use an ECR pull through cache. Technically, it is not readonly, as images will be written to the pull though cache on cache misses. Surprisingly, it is not in poweruser either. But we think customers will want to give Stacks the ability to use pull through caches without giving full permissions.

See https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html for more details.

triarius avatar Dec 07 '23 02:12 triarius

This turned into more of a saga than I thought. I'm going put it back to draft and rework it a little.

triarius avatar Dec 07 '23 06:12 triarius