Adding the role to code build to access the ECR
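I want to grant a policy to CodeBuild so that it can access the ECR repository to push.
But what policy should I give?
Although I can do this manually in the Amazon web console, I am not very clear on how to do it in CDK.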
const buildProject = new codebuild.PipelineProject(this, 'buildproject', {
  environment: {
    buildImage: codebuild.LinuxBuildImage.STANDARD_4_0,
    privileged: true,
  },
  buildSpec: codebuild.BuildSpec.fromSourceFilename("./buildspec.yml")
});
buildProject.addToRolePolicy(new iam.PolicyStatement({
  resources: [what should be here?],
  actions: ['ecr:GetAuthorizationToken']
}));
Just myRepository.grantPullPush(buildProject).
This will abstract away the contents of the policy.
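For anyone who writes the statements by hand instead, here is an added example (not code from the question or the answer) of the shape a push-only policy takes, with a small review check for the two usual scoping mistakes. It uses plain TypeScript objects laid out like IAM policy JSON rather than CDK constructs; the function names, the sample ARN and the account id are constructed for illustration.

```typescript
// Added example: plain objects shaped like IAM policy JSON, no CDK import.
interface Statement { Effect: "Allow"; Action: string[]; Resource: string[]; }

// Actions AWS documents as required to push an image to a repository.
const PUSH_ACTIONS: string[] = [
  "ecr:BatchCheckLayerAvailability",
  "ecr:InitiateLayerUpload",
  "ecr:UploadLayerPart",
  "ecr:CompleteLayerUpload",
  "ecr:PutImage",
];

// Build the two statements a push-only build role needs.
function ecrPushStatements(repositoryArn: string): Statement[] {
  return [
    // The registry login call has no repository to scope to, so it takes "*".
    { Effect: "Allow", Action: ["ecr:GetAuthorizationToken"], Resource: ["*"] },
    // Everything that touches image data is pinned to one repository.
    { Effect: "Allow", Action: PUSH_ACTIONS.slice(), Resource: [repositoryArn] },
  ];
}

// Review helper: list statements that will not work or that are too broad.
function auditEcrStatements(statements: Statement[]): string[] {
  const findings: string[] = [];
  statements.forEach((s, i) => {
    const wildcardResource = s.Resource.indexOf("*") !== -1;
    s.Action.forEach((action) => {
      if (action === "ecr:*" || action === "*") {
        findings.push(`statement ${i}: wildcard action ${action}`);
      } else if (action === "ecr:GetAuthorizationToken") {
        if (!wildcardResource) findings.push(`statement ${i}: ${action} needs Resource "*"`);
      } else if (action.indexOf("ecr:") === 0 && wildcardResource) {
        findings.push(`statement ${i}: ${action} allowed on every repository`);
      }
    });
  });
  return findings;
}

// Constructed sample values (placeholder account id and repository name).
const SAMPLE_REPO_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/example-repo";
// Constructed mis-scoped input: the token action tied to a repository ARN.
const MIS_SCOPED: Statement[] = [
  { Effect: "Allow", Action: ["ecr:GetAuthorizationToken", "ecr:PutImage"], Resource: [SAMPLE_REPO_ARN] },
];
```

Each statement's Action and Resource lists correspond to the actions and resources properties of the iam.PolicyStatement in the question.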