

Merge pull request #651 from rust-lang/chore-ci-staging-allow-authent…
…icating-to-ecr-public-gallery

chore(ci-staging): allow authenticating to ecr public gallery
MarcoIeni authored Dec 13, 2024
2 parents d8c051b + d01c787 commit 29d453c
Showing 1 changed file with 20 additions and 0 deletions.
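--- a/terragrunt/modules/ci-runners/gh_oidc.tf
+++ b/terragrunt/modules/ci-runners/gh_oidc.tf
@@ -35,3 +35,23 @@ resource "aws_iam_role" "github_actions_ci_role" {
 ]
 })
 }
+
+# Allow GitHub Actions to authenticate to AWS ECR Public Gallery
+resource "aws_iam_role_policy" "github_actions_ecr_policy" {
+name = "ecr-auth-policy"
+role = aws_iam_role.github_actions_ci_role.id
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Effect = "Allow"
+Action = [
+"ecr-public:GetAuthorizationToken",
+"sts:GetServiceBearerToken"
+]
+Resource = "*"
+}
+]
+})
+}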
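Review bot: `sts:GetServiceBearerToken` is granted on `Resource = "*"` with no condition, so the CI role can request a service bearer token for any AWS service that issues them, not only ECR Public. Neither action supports resource-level scoping, so the wildcard itself has to stay, but AWS documents an `sts:AWSServiceName` condition key for this action. Splitting the statement in two and pinning that key on the STS one would keep the grant to what the comment describes. The service-name value below is my assumption and should be confirmed against the ECR Public documentation before merging. The role's trust policy sits above this hunk and is not visible here, so which repositories and refs can reach this permission cannot be judged from this change alone.

```hcl
  # … unchanged: name, role …
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # This action has no resource-level permissions, so "*" is required.
        Effect   = "Allow"
        Action   = "ecr-public:GetAuthorizationToken"
        Resource = "*"
      },
      {
        Effect   = "Allow"
        Action   = "sts:GetServiceBearerToken"
        Resource = "*"
        Condition = {
          StringEquals = {
            # Assumed service name; confirm before merging.
            "sts:AWSServiceName" = "ecr-public.amazonaws.com"
          }
        }
      }
    ]
  })
```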

0 comments on commit 29d453c
