AWS – Amazon ECR expands registry policy to all ECR actions in AWS GovCloud (US) Regions
Amazon Elastic Container Registry (Amazon ECR) now supports registry policy v2 in AWS GovCloud (US) Regions, allowing customers to manage IAM permissions for all ECR API actions and simplify ECR permission management.
ECR registry policy allows customers to control usage of ECR private registries by granting permissions to perform registry-level actions to an AWS IAM principal. Registry policy version 1 (v1) only supported three actions: ReplicateImage, BatchImportUpstreamImage, and CreateRepository. Now, the new registry policy version 2 (v2) supports every ECR action. Using registry policy v2 makes it easier for customers to control permissions across all repositories in an ECR registry, allowing customers to improve security posture and save time versus configuring permissions individually across multiple repositories.
To get started, customers can migrate from registry policy v1 to v2 using the ECR management console or with the new ECR put-account-setting API. New ECR accounts automatically use registry policy v2. To learn more about ECR’s registry policy and permissions, see our Amazon ECR User Guide.