如何解决IAM用户无法查看ECR存储库-AWS
我创建了一个策略并附加到IAM用户,以允许他使用标签“ department = dev”访问AWS中的所有ECR存储库。以下是json政策:
{
"Version": "2012-10-17","Statement": [
{
"Sid": "VisualEditor0","Effect": "Allow","Action": [
"ecr:DescribeImageScanFindings","ecr:GetLifecyclePolicyPreview","ecr:GetDownloadUrlForLayer","ecr:BatchGetImage","ecr:DescribeImages","ecr:GetAuthorizationToken","ecr:DescribeRepositories","ecr:ListTagsForResource","ecr:ListImages","ecr:BatchCheckLayerAvailability","ecr:GetRepositoryPolicy","ecr:GetLifecyclePolicy"
],"Resource": "*","Condition": {
"StringEquals": {
"ecr:ResourceTag/department": "dev"
}
}
}
]
}
如果删除指定资源标签的条件,则用户可以看到所有存储库。但是我需要用户只能看到部门为“开发”的存储库。 TIA。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。