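---
# CloudFormation template: an IAM group carrying a read-only ECR policy, one
# IAM user in that group, and a long-lived access key for that user.
#
# The format version is quoted so YAML 1.1 parsers keep it as a string instead
# of converting it to a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: Create IAM::User that can authenticate with and pull images from ECR
Resources:
  # Group that holds the inline policy; the user below gets its permissions
  # through group membership only.
  ECRAuthGroup:
    Type: AWS::IAM::Group
    Properties:
      Path: /ECRManagement/
      Policies:
        - PolicyName: ecr-auth-and-read
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - ecr:GetDownloadUrlForLayer
                  - ecr:BatchGetImage
                  - ecr:DescribeImages
                  - ecr:GetAuthorizationToken
                  - ecr:BatchCheckLayerAvailability
                # NOTE(review): ecr:GetAuthorizationToken does not support
                # resource-level permissions and needs "*". The other four
                # actions can be limited to specific repository ARNs; as
                # written, this user can pull from every repository in the
                # account. Consider splitting the statement to scope them.
                Resource: "*"
  ECRAuthUser:
    Type: AWS::IAM::User
    Properties:
      Path: /ECRManagement/
      Groups:
        - !Ref ECRAuthGroup
  # You may want to create this key manually in the IAM console so that the
  # secret key is not visible in the Outputs section of the CloudFormation
  # console.
  # NOTE(review): this is a static credential with no rotation defined in the
  # template. Changing or removing this resource replaces or deletes the key.
  ECRAuthAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      Status: Active
      UserName: !Ref ECRAuthUser
Outputs:
  # !Ref on an AWS::IAM::AccessKey returns the access key ID.
  AccessKey:
    Description: Access key for the created user
    Value: !Ref ECRAuthAccessKey
  # NOTE(review): stack outputs are stored and displayed in plaintext, so the
  # secret is readable by any principal allowed to describe this stack
  # (console, CLI or API), for as long as the stack exists. The output is kept
  # here because consumers of the template may read it; a safer design writes
  # the secret to a secrets store from within the template and drops this
  # output, or creates the key outside CloudFormation as suggested above.
  SecretKey:
    Description: Secret key for the created user
    Value: !GetAtt ECRAuthAccessKey.SecretAccessKey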