プライベートイメージを利用する際の設定方法は以下。
https://circleci.com/docs/2.0/private-images/
すべてのリソース（`*`）に対して（`ecr:GetAuthorizationToken` はリソースレベルの権限指定に対応していないため、リソースを絞れない）
ecr:GetAuthorizationToken
対象のECRに対して
ecr:GetDownloadUrlForLayer
ecr:BatchGetImage
Terraform
# Account-wide statement for the identity CircleCI uses to pull images.
# ecr:GetAuthorizationToken does not support resource-level permissions, so
# "*" is the only resource value that works here. The action only issues a
# registry login token; reading image data still requires the repository-scoped
# actions granted in a separate policy document.
data "aws_iam_policy_document" "circle_ci_policy_full_resource" {
  statement {
    effect    = "Allow"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
}
# Pull-only access for CircleCI, limited to the repository it has to read.
# Only the two read actions are allowed; nothing here permits pushing images
# or changing repository settings.
data "aws_iam_policy_document" "circle_ci_policy_ecr" {
  statement {
    effect = "Allow"

    actions = [
      "ecr:BatchGetImage",
      "ecr:GetDownloadUrlForLayer",
    ]

    # Placeholder from the article: replace with the ARN of the target ECR
    # repository. Keep it a specific repository ARN rather than a wildcard so
    # a leaked CI credential cannot read other repositories.
    resources = ["{対象のECR ARN}"]
  }
}
# Dedicated IAM user that CircleCI authenticates as when pulling the private
# image. Its only permissions are the two inline policies attached below.
# NOTE(review): no access key is defined in this snippet. However the key is
# issued, it is a long-lived credential: keep it only in CircleCI's secret
# storage (context or project environment variables), never in the repository,
# and rotate it on a schedule.
resource "aws_iam_user" "circle_ci" {
name = "circle_ci"
}
# Inline policy on the circle_ci user carrying the account-wide
# ecr:GetAuthorizationToken statement. No policy name is set, so the provider
# generates one.
resource "aws_iam_user_policy" "circle_ci_full_resource" {
  policy = data.aws_iam_policy_document.circle_ci_policy_full_resource.json
  user   = aws_iam_user.circle_ci.name
}
# Inline policy on the circle_ci user carrying the repository-scoped pull
# permissions (ecr:BatchGetImage, ecr:GetDownloadUrlForLayer).
resource "aws_iam_user_policy" "circle_ci_ecr" {
  policy = data.aws_iam_policy_document.circle_ci_policy_ecr.json
  user   = aws_iam_user.circle_ci.name
}