Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository Policies in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
set-repository-policy
[--registry-id <value>]
--repository-name <value>
--policy-text <value>
[--force | --no-force]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--registry-id
(string)
The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
--repository-name
(string)
The name of the repository to receive the policy.
--policy-text
(string)
The JSON repository policy text to apply to the repository. For more information, see Amazon ECR Repository Policies in the Amazon Elastic Container Registry User Guide .
--force
| --no-force
(boolean)
If the policy you are attempting to set on a repository policy would prevent you from setting another policy in the future, you must force the SetRepositoryPolicy operation. This is intended to prevent accidental repository lock outs.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To set the repository policy for a repository
The following set-repository-policy
example attaches a repository policy contained in a file to the cluster-autoscaler
repository.
aws ecr set-repository-policy \
--repository-name cluster-autoscaler \
--policy-text file://my-policy.json
Contents of my-policy.json
:
{
"Version" : "2008-10-17",
"Statement" : [
{
"Sid" : "allow public pull",
"Effect" : "Allow",
"Principal" : "*",
"Action" : [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}
Output:
{
"registryId": "012345678910",
"repositoryName": "cluster-autoscaler",
"policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"allow public pull\",\n \"Effect\" : \"Allow\",\n \"Principal\" : \"*\",\n \"Action\" : [ \"ecr:BatchCheckLayerAvailability\", \"ecr:BatchGetImage\", \"ecr:GetDownloadUrlForLayer\" ]\n } ]\n}"
}
registryId -> (string)
The registry ID associated with the request.
repositoryName -> (string)
The repository name associated with the request.
policyText -> (string)
The JSON repository policy text applied to the repository.