What is the permission for a IAM user to create a ECR repository?

Question

My IAM user is getting this error

User: arn:aws:iam::123456789:user/admin is not authorized to perform: 
ecr:CreateRepository on resource: *

when I try to create a repository.

I have already grant AmazonEC2ContainerServiceFullAccess to the group this user belongs to. I search for repository in 'attach policy' but there is no match. How can I grant the permission to this user?

score 8 · Answer 1 · answered Sep 04 '21 at 15:23

8

The required permission is AmazonEC2ContainerRegistryFullAccess

answered Sep 04 '21 at 15:23

Caner

319

score 5 · Answer 2 · answered Jan 20 '21 at 20:04

5

I got this error some time back, notice that you have given "containerservicefullaccess" and not "ContainerRegistryFullAccess"

answered Jan 20 '21 at 20:04

Ranjith

51
1
2

score 2 · Answer 3 · answered Jun 02 '17 at 14:59

2

ECR has its own IAM policies, so you need to give your user additional permissions for it Here you can find documentation about ECR policies

answered Jun 02 '17 at 14:59

Anton Makovetsky

391

What is the permission for a IAM user to create a ECR repository?

3 Answers3