The Continuous Deployment (I know its from 1.0, couldn’t find anything from 2.0) mention the following permissions need to be granted for a circleCI IAM user:
Permission - The ECS Container agent(s) need to have access to your repository. Make sure the underlying EC2 instances are allowed to access the repo. Their inherited policies should allow for “ecr:GetAuthorizationToken” at minimum”.
Unfortunately this does not satisfy all the requirements in order to push a docker image to a cluster from CircleCI. I tried giving it EC2 full access and a select number of ECR specific permissions (the workaround was to give it admin, but I would prefer to remove that).
Could someone provide an policy that satisfies the minimum requirement of pushing a docker image from Circle?