ב הוא חיבור של הרב יהושע בועז שתוכנו מראי מקומות למקורותشسdggרות הל555ה התafhgfh
במסgרות ה gh//شی הוא חיבור של הרב יהושע בועז שתוכנו מראי מקומות למקורותהתנדaghhhhו12ין יעל, המעציfghfghfע
/
proc
/
thread-self
/
root
/
proc
/
self
/
root
/
usr
/
local
/
aws-cli
/
v2
/
current
/
dist
/
awscli
/
examples
/
ecr-public
/
Upload FileeE
HOME
**Example 1: To set a repository policy to allow a pull on the repository** The following ``set-repository-policy`` example applies an ECR public repository policy to the specified repository to control access permissions. :: aws ecr-public set-repository-policy \ --repository-name project-a/nginx-web-app \ --policy-text file://my-repository-policy.json Contents of ``my-repository-policy.json``:: { "Version" : "2008-10-17", "Statement" : [ { "Sid" : "allow public pull", "Effect" : "Allow", "Principal" : "*", "Action" : [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ] } ] } Output:: { "registryId": "12345678901", "repositoryName": "project-a/nginx-web-app", "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"allow public pull\",\n \"Effect\" : \"Allow\",\n \"Principal\" : \"*\",\n \"Action\" : [ \"ecr:BatchCheckLayerAvailability\", \"ecr:BatchGetImage\", \"ecr:GetDownloadUrlForLayer\" ]\n } ]\n}" } For more information, see `Setting a repository policy statement <https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policy-examples.html>`__ in the *Amazon ECR Public User Guide*. **Example 2: To set a repository policy to allow an IAM user within your account to push images** The following ``set-repository-policy`` example allows an IAM user within your account to push images using to an ECR repository in your AWS account using the input file named ``file://my-repository-policy.json`` as policy text. :: aws ecr-public set-repository-policy \ --repository-name project-a/nginx-web-app \ --policy-text file://my-repository-policy.json Contents of ``my-repository-policy.json``:: { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPush", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::account-id:user/push-pull-user-1", "arn:aws:iam::account-id:user/push-pull-user-2" ] }, "Action": [ "ecr-public:BatchCheckLayerAvailability", "ecr-public:PutImage", "ecr-public:InitiateLayerUpload", "ecr-public:UploadLayerPart", "ecr-public:CompleteLayerUpload" ] } ] } Output:: { "registryId": "12345678901", "repositoryName": "project-a/nginx-web-app", "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"AllowPush\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : [ \"arn:aws:iam::12345678901:user/admin\", \"arn:aws:iam::12345678901:user/eksuser1\" ]\n },\n \"Action\" : [ \"ecr-public:BatchCheckLayerAvailability\", \"ecr-public:PutImage\", \"ecr-public:InitiateLayerUpload\", \"ecr-public:UploadLayerPart\", \"ecr-public:CompleteLayerUpload\" ]\n } ]\n}" } For more information, see `Setting a repository policy statement <https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policy-examples.html>`__ in the *Amazon ECR Public User Guide*. **Example 3: To set a repository policy to allow an IAM user from different account to push images** The following ``set-repository-policy`` example allows a specific account to push images using cli input file://my-repository-policy.json in your AWS account. :: aws ecr-public set-repository-policy \ --repository-name project-a/nginx-web-app \ --policy-text file://my-repository-policy.json Contents of ``my-repository-policy.json``:: { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowCrossAccountPush", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::other-or-same-account-id:role/RoleName" }, "Action": [ "ecr-public:BatchCheckLayerAvailability", "ecr-public:PutImage", "ecr-public:InitiateLayerUpload", "ecr-public:UploadLayerPart", "ecr-public:CompleteLayerUpload" ] } ] } Output:: { "registryId": "12345678901", "repositoryName": "project-a/nginx-web-app", "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"AllowCrossAccountPush\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"arn:aws:iam::12345678901:role/RoleName\"\n },\n \"Action\" : [ \"ecr-public:BatchCheckLayerAvailability\", \"ecr-public:PutImage\", \"ecr-public:InitiateLayerUpload\", \"ecr-public:UploadLayerPart\", \"ecr-public:CompleteLayerUpload\" ]\n } ]\n}" } For more information, see `Public repository policy examples <https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policy-examples.html>`__ in the *Amazon ECR Public User Guide*.