AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

AWSAppRunnerServicePolicyForECRAccess details (in AWS console)

Policy Name

AWSAppRunnerServicePolicyForECRAccess

Description

AWS App Runner service policy that grants read permissions to Amazon ECR resources in the customer's account. Use it in a role that is passed to App Runner when creating or updating an App Runner service.

ARN

arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess

Path

/service-role/

PolicyId

ANPAZKAPJZG4LYM3IT6IY

AttachmentCount

ecr

[
  {
    "Effect": "Allow",
    "Action": [
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
      "ecr:DescribeImages",
      "ecr:GetAuthorizationToken",
      "ecr:BatchCheckLayerAvailability"
    ],
    "Resource": [
      "*"
    ]
  }
]