first time, long time!
Getting this error:
An error occurred (InternalFailure) when calling the GetAuthorizationToken operation (reached max retries: 2):
When running:
aws ecr-public get-login-password --region us-west-2 --profile <IAM user profile>
IAM user has this policy attached (this was made extremely permissive out of frustration ;) ):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "sts:*",
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ecr-public:*",
"Resource": "*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "ecr:*",
"Resource": "*"
}
]
}
And a role with the trust policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowIamUserAssumeRole",
"Effect": "Allow",
"Principal": {
"AWS": "<ARN of IAM user>"
},
"Action": "sts:AssumeRole"
},
{
"Sid": "AllowPassSessionTags",
"Effect": "Allow",
"Principal": {
"AWS": "<ARN of IAM user>"
},
"Action": "sts:TagSession"
}
]
}
The role has "AmazonEC2ContainerRegistryFullAccess" and "AmazonElasticContainerRegistryPublicFullAccess" policies attached.
What am I doing wrong here?
Running
aws ecr-public get-login-password --region us-east-1 --profile <IAM user profile>worked. Hopefully this will save someone some pain in the future.