2

I have a clear problem that I have spent a lot of time trying to figure out. Let me know if you guys have any suggestions. :)

Thanks in advance!

Scenario:

  • Private VPC (no internet access)
  • A specific ECR repo name “demo-hello-world”.
  • ECS cluster created.
  • VPC endpoint created.

Objective:

Need policy example for VPC endpoint to ECR demo-hello-world.

The policy will involve:

  • ECR API

  • ECR DKR

  • The specific S3 bucket for “demo-hello-world” that ECR uses underneath. <==(I don’t know how to find the ARN for this)

Thanks!

Gary

Gary Leong

1 Answer

3

I found the answer here.

https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html

Create an S3 gateway endpoint with this ARN format. (I thought starport was a user, but I guess it's a special name for ECR.)

arn:aws:s3:::prod-region-starport-layer-bucket/*

Gary Leong
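An added example, not part of the original post or the AWS documentation: a sketch that builds the S3 gateway endpoint policy from the ARN format above, plus a pull-only policy for the ECR API and DKR interface endpoints scoped to the one repository. The region `us-east-1`, the account ID `111122223333`, the statement IDs, and the simplified `allows` helper are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

def s3_gateway_policy(region):
    """S3 gateway endpoint policy: read-only access to the ECR layer bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "EcrLayerBucketOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        # "region" in the documented ARN format is replaced by the real region
        "Resource": [f"arn:aws:s3:::prod-{region}-starport-layer-bucket/*"],
    }]}

def ecr_endpoint_policy(region, account_id, repo):
    """Policy for the ECR API and DKR interface endpoints, pull-only."""
    return {"Version": "2012-10-17", "Statement": [
        {   # GetAuthorizationToken cannot be scoped to a repository
            "Sid": "Login", "Effect": "Allow", "Principal": "*",
            "Action": ["ecr:GetAuthorizationToken"], "Resource": ["*"],
        },
        {   # Image pull actions limited to the single repository
            "Sid": "PullOneRepo", "Effect": "Allow", "Principal": "*",
            "Action": ["ecr:BatchCheckLayerAvailability",
                       "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"],
            "Resource": [f"arn:aws:ecr:{region}:{account_id}:repository/{repo}"],
        },
    ]}

def allows(policy, action, resource):
    """Simplified check (hypothetical helper): does any Allow statement match?
    No Deny, NotAction or Condition handling; enough for the policies above."""
    return any(
        s["Effect"] == "Allow"
        and any(fnmatchcase(action, a) for a in s["Action"])
        and any(fnmatchcase(resource, r) for r in s["Resource"])
        for s in policy["Statement"])

if __name__ == "__main__":
    # Constructed sample values: region and account ID are placeholders
    print(json.dumps(s3_gateway_policy("us-east-1"), indent=2))
    print(json.dumps(
        ecr_endpoint_policy("us-east-1", "111122223333", "demo-hello-world"),
        indent=2))
```

Running the script prints both policy documents as JSON, ready to paste into the endpoint policy editor after substituting the real region and account ID.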