Adding the role to code build to access the ECR

Time:03-12

I want to give CodeBuild a policy to access the ECR repository for push.

However, to what should I give the policy?

I can do this manually in the Amazon web console, though;

it's not quite clear to me in CDK.

    const buildProject = new codebuild.PipelineProject(this, 'buildproject', {
      environment: {
        buildImage: codebuild.LinuxBuildImage.STANDARD_4_0,
        privileged: true, // needed to run Docker inside the build container
      },
      buildSpec: codebuild.BuildSpec.fromSourceFilename("./buildspec.yml")
    });
    buildProject.addToRolePolicy(new iam.PolicyStatement({
      resources: [/* what should be here? */],
      actions: ['ecr:GetAuthorizationToken']
    }));

CodePudding user response:

Simply myRepository.grantPullPush(buildProject).

Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr.Repository.html#grantwbrpullwbrpushgrantee

This will abstract away the content of the policy.
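
The kind of policy content such a grant abstracts away, as an added example that is not part of the original answer or of the CDK: plain TypeScript with no CDK import that builds the two IAM statements a push-capable CodeBuild role needs and checks a statement list for the scoping mistake the question is heading toward. The function names and the sample ARN are hypothetical, and the action list follows the ECR push/pull permissions rather than being copied from what the grant emits.

```typescript
// Added example: plain TypeScript, no CDK import. All names are hypothetical.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };

// Registry-level action: it has no resource-level permissions, so only "*" works.
const AUTH_ACTION = "ecr:GetAuthorizationToken";

// Repository-level actions used by `docker pull` and `docker push`.
const PULL_ACTIONS = [
  "ecr:BatchCheckLayerAvailability",
  "ecr:GetDownloadUrlForLayer",
  "ecr:BatchGetImage",
];
const PUSH_ACTIONS = [
  "ecr:PutImage",
  "ecr:InitiateLayerUpload",
  "ecr:UploadLayerPart",
  "ecr:CompleteLayerUpload",
];

// Build the two statements a build role needs to pull from and push to one repository.
function pullPushStatements(repositoryArn: string): Statement[] {
  return [
    { Effect: "Allow", Action: [AUTH_ACTION], Resource: ["*"] },
    { Effect: "Allow", Action: PULL_ACTIONS.concat(PUSH_ACTIONS), Resource: [repositoryArn] },
  ];
}

// Flag both scoping mistakes: auth token tied to an ARN, or repository actions left on "*".
function scopingProblems(statements: Statement[]): string[] {
  const problems: string[] = [];
  for (const s of statements) {
    const wildcard = s.Resource.indexOf("*") !== -1;
    for (const action of s.Action) {
      if (action === AUTH_ACTION && !wildcard) {
        problems.push(`${action} must use Resource "*"`);
      } else if (action !== AUTH_ACTION && action.indexOf("ecr:") === 0 && wildcard) {
        problems.push(`${action} should be limited to the repository ARN`);
      }
    }
  }
  return problems;
}

// Constructed placeholder ARN (account id and repository name are made up).
const SAMPLE_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/example-repo";
console.log(JSON.stringify(pullPushStatements(SAMPLE_ARN), null, 2));
```

Running `scopingProblems` over the statements in a synthesized template is a quick way to confirm the build role ends up with `*` only on the authorization-token action.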
