AWS ECR login error

Command: aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin {id}.dkr.ecr.{region}.amazonaws.com

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:iam::{id}:{user/username} is not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken action
Error: Cannot perform an interactive login from a non TTY device

If I add * to Resource, I can log in:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowPullImageTag",
                "Effect": "Allow",
                "Action": [
                    "ecr:GetAuthorizationToken",
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage",
                    "iam:GetAccountAuthorizationDetails"
                ],
                "Resource": [
                    "arn:aws:ecr:{region}:{id}:{repository}/{repository}"
                ],
                "Condition": {
                    "StringEquals": {
                        "aws:RequestTag/environment": "{taganame}"
                    }
                }
            }
        ]
    }
I made this policy only for pulling images for a specific user and a specific tag of the repository.
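
An added example, not part of the original post: `ecr:GetAuthorizationToken` supports no resource-level permissions, so an Allow statement matches it only when `Resource` is `"*"`, which is the mismatch the error above reports. The sketch below flags that action inside a resource-scoped statement and moves it into its own statement. The function names and the `AllowEcrLogin` Sid are hypothetical, and only literal action names are handled (no wildcards such as `ecr:*`).

```python
import copy
import json

# Actions with no resource-level permissions: an Allow matches them only when
# Resource is "*". Kept to the one action named in the error above.
ACCOUNT_LEVEL = {"ecr:getauthorizationtoken"}

# The policy as posted above, with its placeholders unchanged.
POSTED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "AllowPullImageTag", "Effect": "Allow",
  "Action": ["ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer",
             "ecr:BatchGetImage", "iam:GetAccountAuthorizationDetails"],
  "Resource": ["arn:aws:ecr:{region}:{id}:{repository}/{repository}"],
  "Condition": {"StringEquals": {"aws:RequestTag/environment": "{taganame}"}}
}]}
""")

def _list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def _scoped_allow(stmt):
    """True for an Allow statement with Action whose Resource lacks "*"."""
    return (stmt.get("Effect") == "Allow" and "Action" in stmt
            and "*" not in _list(stmt.get("Resource", [])))

def find_misscoped(policy):
    """(Sid, action) pairs where an account-level action sits in a scoped Allow."""
    return [(s.get("Sid"), a) for s in _list(policy["Statement"]) if _scoped_allow(s)
            for a in _list(s["Action"]) if a.lower() in ACCOUNT_LEVEL]

def split_account_level(policy):
    """Copy of policy with those actions moved to their own Resource "*" statement."""
    fixed = copy.deepcopy(policy)
    stmts, moved = _list(fixed["Statement"]), []
    for s in filter(_scoped_allow, stmts):
        actions = _list(s["Action"])
        moved += [a for a in actions if a.lower() in ACCOUNT_LEVEL]
        s["Action"] = [a for a in actions if a.lower() not in ACCOUNT_LEVEL]
    stmts = [s for s in stmts if s.get("Action") or "NotAction" in s]  # drop emptied
    if moved:  # no Condition copied: the token call names no repository (assumption)
        stmts.append({"Sid": "AllowEcrLogin", "Effect": "Allow",
                      "Action": moved, "Resource": "*"})
    fixed["Statement"] = stmts
    return fixed

if __name__ == "__main__":
    print(find_misscoped(POSTED_POLICY))
    print(json.dumps(split_account_level(POSTED_POLICY), indent=2))
```

The remaining actions, the repository ARN and the Condition are carried over exactly as posted; the example addresses only the `GetAuthorizationToken` denial.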