Today, Amazon Elastic Container Registry (Amazon ECR) announces registry policy v2, which now supports managing IAM permissions for all ECR API actions. This new registry policy makes it easier for customers to control usage of ECR capabilities within their accounts.
ECR registry policy allows customers to control usage of ECR private registries by granting an AWS IAM principal permissions to perform registry-level actions. Registry policy version 1 (v1) only supported three actions: ReplicateImage, BatchImportUpstreamImage, and CreateRepository. Now, the new registry policy version 2 (v2) supports every ECR action. Using registry policy v2 makes it easier for customers to control permissions across all repositories in an ECR registry, allowing them to improve their security posture and save time versus configuring permissions individually across multiple repositories.
ECR registry policy v2 is now available for all ECR registries in all AWS commercial regions. You can migrate from registry policy v1 to v2 using the ECR management console or with the new ECR put-account-setting API. New ECR accounts will automatically use registry policy v2. To learn more about ECR’s registry policy and permissions, see our documentation.
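A pre-migration check for the v1/v2 split described above, as an added example that is not AWS code: it reports which statements in a registry policy document use actions outside the three v1 actions and therefore depend on v2. The function name, the sample policy, and the account IDs in it are constructed for illustration.

```python
import json

# The three actions the announcement lists as supported by registry policy v1.
# IAM action names are case-insensitive, so compare in lower case.
V1_ACTIONS = {
    "ecr:replicateimage",
    "ecr:batchimportupstreamimage",
    "ecr:createrepository",
}

def _as_list(value):
    """IAM allows Action/NotAction to be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def actions_requiring_v2(policy_json):
    """Return {statement label: [actions outside the v1 set]} (hypothetical helper)."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = {}
    for index, stmt in enumerate(statements):
        label = stmt.get("Sid") or f"statement[{index}]"
        # NotAction matches everything except the listed actions, so it always
        # reaches beyond the v1 set; wildcards such as "ecr:*" do as well.
        extra = [f"NotAction:{a}" for a in _as_list(stmt.get("NotAction"))]
        extra += [a for a in _as_list(stmt.get("Action"))
                  if a.lower() not in V1_ACTIONS]
        if extra:
            findings[label] = extra
    return findings

# Constructed sample policy; account IDs and Sids are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReplicationFromPartner", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
         "Action": ["ecr:CreateRepository", "ecr:ReplicateImage"],
         "Resource": "arn:aws:ecr:us-east-1:111122223333:repository/*"},
        {"Sid": "RegistryWidePull", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
         "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"],
         "Resource": "arn:aws:ecr:us-east-1:111122223333:repository/*"},
    ],
})

if __name__ == "__main__":
    for sid, actions in actions_requiring_v2(SAMPLE_POLICY).items():
        print(f"{sid}: needs registry policy v2 for {', '.join(actions)}")
```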