@cloud-copilot/iam-data
Version:
685 lines • 19.4 kB
JSON
{
"batchchecklayeravailability": {
"name": "BatchCheckLayerAvailability",
"description": "Grants permission to check the availability of multiple image layers in a specified registry and repository",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchdeleteimage": {
"name": "BatchDeleteImage",
"description": "Grants permission to delete a list of specified images within a specified repository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetimage": {
"name": "BatchGetImage",
"description": "Grants permission to get detailed information for specified images within a specified repository",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetrepositoryscanningconfiguration": {
"name": "BatchGetRepositoryScanningConfiguration",
"description": "Grants permission to retrieve repository scanning configuration for a list of repositories",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchimportupstreamimage": {
"name": "BatchImportUpstreamImage",
"isPermissionOnly": true,
"description": "Grants permission to retrieve the image from the upstream registry and import it to your private registry",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"completelayerupload": {
"name": "CompleteLayerUpload",
"description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createpullthroughcacherule": {
"name": "CreatePullThroughCacheRule",
"description": "Grants permission to create new pull-through cache rule",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole"
]
},
"createrepository": {
"name": "CreateRepository",
"description": "Grants permission to create an image repository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ecr:TagResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createrepositorycreationtemplate": {
"name": "CreateRepositoryCreationTemplate",
"description": "Grants permission to create the repository creation template",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"ecr:CreateRepository",
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"iam:CreateServiceLinkedRole",
"iam:PassRole"
]
},
"deletelifecyclepolicy": {
"name": "DeleteLifecyclePolicy",
"description": "Grants permission to delete the specified lifecycle policy",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletepullthroughcacherule": {
"name": "DeletePullThroughCacheRule",
"description": "Grants permission to delete the pull-through cache rule",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteregistrypolicy": {
"name": "DeleteRegistryPolicy",
"description": "Grants permission to delete the registry policy",
"accessLevel": "Permissions management",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleterepository": {
"name": "DeleteRepository",
"description": "Grants permission to delete an existing image repository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleterepositorycreationtemplate": {
"name": "DeleteRepositoryCreationTemplate",
"description": "Grants permission to delete the repository creation template",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleterepositorypolicy": {
"name": "DeleteRepositoryPolicy",
"description": "Grants permission to delete the repository policy from a specified repository",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeimagereplicationstatus": {
"name": "DescribeImageReplicationStatus",
"description": "Grants permission to retrieve replication status about an image in a registry, including failure reason if replication fails",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeimagescanfindings": {
"name": "DescribeImageScanFindings",
"description": "Grants permission to describe the image scan findings for the specified image",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeimages": {
"name": "DescribeImages",
"description": "Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date",
"accessLevel": "List",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describepullthroughcacherules": {
"name": "DescribePullThroughCacheRules",
"description": "Grants permission to describe the pull-through cache rules",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeregistry": {
"name": "DescribeRegistry",
"description": "Grants permission to describe the registry settings",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describerepositories": {
"name": "DescribeRepositories",
"description": "Grants permission to describe image repositories in a registry",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describerepositorycreationtemplates": {
"name": "DescribeRepositoryCreationTemplates",
"description": "Grants permission to describe the repository creation template",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getaccountsetting": {
"name": "GetAccountSetting",
"description": "Grants permission to retrieve account settings",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [
"ecr:AccountSetting"
],
"dependentActions": []
},
"getauthorizationtoken": {
"name": "GetAuthorizationToken",
"description": "Grants permission to retrieve a token that is valid for a specified registry for 12 hours",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getdownloadurlforlayer": {
"name": "GetDownloadUrlForLayer",
"description": "Grants permission to retrieve the download URL corresponding to an image layer",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getimagecopystatus": {
"name": "GetImageCopyStatus",
"isPermissionOnly": true,
"description": "Grants permission to retrieve the status about an image copy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getlifecyclepolicy": {
"name": "GetLifecyclePolicy",
"description": "Grants permission to retrieve the specified lifecycle policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getlifecyclepolicypreview": {
"name": "GetLifecyclePolicyPreview",
"description": "Grants permission to retrieve the results of the specified lifecycle policy preview request",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getregistrypolicy": {
"name": "GetRegistryPolicy",
"description": "Grants permission to retrieve the registry policy",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getregistryscanningconfiguration": {
"name": "GetRegistryScanningConfiguration",
"description": "Grants permission to retrieve registry scanning configuration",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getrepositorypolicy": {
"name": "GetRepositoryPolicy",
"description": "Grants permission to retrieve the repository policy for a specified repository",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"initiatelayerupload": {
"name": "InitiateLayerUpload",
"description": "Grants permission to notify Amazon ECR that you intend to upload an image layer",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listimages": {
"name": "ListImages",
"description": "Grants permission to list all the image IDs for a given repository",
"accessLevel": "List",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list the tags for an Amazon ECR resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"putaccountsetting": {
"name": "PutAccountSetting",
"description": "Grants permission to update account settings",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"ecr:AccountSetting"
],
"dependentActions": []
},
"putimage": {
"name": "PutImage",
"description": "Grants permission to create or update the image manifest associated with an image",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putimagescanningconfiguration": {
"name": "PutImageScanningConfiguration",
"description": "Grants permission to update the image scanning configuration for a repository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putimagetagmutability": {
"name": "PutImageTagMutability",
"description": "Grants permission to update the image tag mutability settings for a repository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putlifecyclepolicy": {
"name": "PutLifecyclePolicy",
"description": "Grants permission to create or update a lifecycle policy",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putregistrypolicy": {
"name": "PutRegistryPolicy",
"description": "Grants permission to update the registry policy",
"accessLevel": "Permissions management",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putregistryscanningconfiguration": {
"name": "PutRegistryScanningConfiguration",
"description": "Grants permission to update registry scanning configuration",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putreplicationconfiguration": {
"name": "PutReplicationConfiguration",
"description": "Grants permission to update the replication configuration for the registry",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole"
]
},
"replicateimage": {
"name": "ReplicateImage",
"isPermissionOnly": true,
"description": "Grants permission to replicate images to the destination registry",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"setrepositorypolicy": {
"name": "SetRepositoryPolicy",
"description": "Grants permission to apply a repository policy on a specified repository to control access permissions",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startimagescan": {
"name": "StartImageScan",
"description": "Grants permission to start an image scan",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startlifecyclepolicypreview": {
"name": "StartLifecyclePolicyPreview",
"description": "Grants permission to start a preview of the specified lifecycle policy",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to tag an Amazon ECR resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to untag an Amazon ECR resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updatepullthroughcacherule": {
"name": "UpdatePullThroughCacheRule",
"description": "Grants permission to update the pull-through cache rule",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updaterepositorycreationtemplate": {
"name": "UpdateRepositoryCreationTemplate",
"description": "Grants permission to update the repository creation template",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"ecr:CreateRepository",
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"iam:CreateServiceLinkedRole",
"iam:PassRole"
]
},
"uploadlayerpart": {
"name": "UploadLayerPart",
"description": "Grants permission to upload an image layer part to Amazon ECR",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "repository",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"validatepullthroughcacherule": {
"name": "ValidatePullThroughCacheRule",
"description": "Grants permission to validate the pull-through cache rule",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
}
}