Posted On: Dec 30, 2024

Today, Amazon Elastic Container Registry (Amazon ECR) announces registry policy v2, which supports managing IAM permissions for all ECR API actions. This new registry policy makes it easier for customers to control usage of ECR capabilities within their accounts.

An ECR registry policy lets customers control usage of ECR private registries by granting an Amazon IAM principal permission to perform registry actions. Registry policy version 1 (v1) only supported three actions: ReplicateImage, BatchImportUpstreamImage, and CreateRepository. The new registry policy version 2 (v2) supports every ECR action. Using registry policy v2 makes it easier for customers to control permissions across all repositories in an ECR registry, allowing them to improve their security posture and save time versus configuring permissions individually across multiple repositories.

ECR registry policy v2 is now available in both the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. You can migrate from registry policy v1 to v2 using the ECR management console or the new put-account-setting API. New ECR accounts will automatically use registry policy v2. To learn more about ECR’s registry policy and permissions, see our documentation.
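Before migrating, it helps to know which statements in an existing registry policy name actions outside the three that v1 supported, since those are the ones to review under v2. The following is an added example, not AWS code: the function name, the policy document, the account ID, and the role names are all constructed for illustration.

```python
import json

# The three actions the announcement lists as supported by registry policy v1.
# IAM action names are case-insensitive, so compare in lower case.
V1_ACTIONS = {"ecr:replicateimage", "ecr:batchimportupstreamimage",
              "ecr:createrepository"}

def as_list(value):
    """IAM policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def statements_beyond_v1(policy_text):
    """Return (sid, effect, actions) for statements that go past the v1 set."""
    policy = json.loads(policy_text)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:  # an exclusion list can cover any action
            findings.append((sid, stmt.get("Effect"), ["NotAction"]))
            continue
        # Wildcards such as "ecr:*" are never an exact v1 name, so they are flagged.
        beyond = [a for a in as_list(stmt.get("Action")) if a.lower() not in V1_ACTIONS]
        if beyond:
            findings.append((sid, stmt.get("Effect"), beyond))
    return findings

# Constructed sample policy; every ARN and Sid here is a placeholder.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowReplication", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws-cn:iam::111122223333:root"},
         "Action": ["ecr:ReplicateImage", "ecr:CreateRepository"],
         "Resource": "arn:aws-cn:ecr:cn-north-1:111122223333:repository/*"},
        {"Sid": "AllowPullForCi", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws-cn:iam::111122223333:role/ci-pull"},
         "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"],
         "Resource": "arn:aws-cn:ecr:cn-north-1:111122223333:repository/*"},
        {"Sid": "AllowAll", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws-cn:iam::111122223333:role/registry-admin"},
         "Action": "ecr:*", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for sid, effect, actions in statements_beyond_v1(SAMPLE_POLICY):
        print(f"{sid}: {effect} {', '.join(actions)}")
```
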