如何解决无法访问另一个帐户中存在的 ECR 存储库
我正在尝试访问跨账户 ecr 存储库。在 ECR repo(in account1) 权限中我已经设置了这个
{
"Version": "2008-10-17","Statement": [
{
"Sid": "new statement","Effect": "Allow","Principal": {
"AWS": [
"arn:aws:iam::account2:role/sagemaker-20210223074454252300000002"
]
},"Action": [
"ecr:BatchCheckLayerAvailability","ecr:BatchDeleteImage","ecr:BatchGetImage","ecr:CompleteLayerUpload","ecr:DescribeImages","ecr:DescribeRepositories","ecr:GetDownloadUrlForLayer","ecr:GetRepositoryPolicy","ecr:InitiateLayerUpload","ecr:ListImages","ecr:PutImage","ecr:UploadLayerPart"
]
}
]
}
然后在 account2 中创建了一个 IAM 角色 arn:aws:iam::account2:role/sagemaker-20210223074454252300000002。
data "aws_iam_policy_document" "sagemaker" {
statement {
effect = "Allow"
actions = [
"ecr:*"
]
resources = [
"*",]
}
}
但是,我仍然无法访问 ecr。收到我没有访问权限的错误消息
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。