-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS ECR: ecr:TagResource
seems required now
#416
Comments
@bradonkanyid Thanks for the report. What version of |
@estahn I've got the same issue, it was 1.3.0 installed from the Helm chart. |
@dex4er Just revisiting this and double-checking. There has been a change in regards to tags in |
I run |
@dex4er Thanks for checking. I will amend the IAM policy in the documentation. I can't find any changes relating to this though, which seems odd. https://github.com/estahn/k8s-image-swapper/blame/v1.3.3/pkg/registry/ecr.go |
We received the following from AWS recently:
I'm not sure why we are running into this issue prior to their Feb 28th deadline, however. |
@bradonkanyid Thanks for this. AWS may have rolled this out in certain regions prior to the deadline. At least I wouldn't put it past them. |
Closing as not further action appears to be required. |
## [1.3.0](estahn/k8s-image-swapper@v1.2.3...v1.3.0) (2022-09-07) ### 🎉 Features * cross account caching with role ([estahn#336](estahn#336)) ([98d138e](estahn@98d138e)) ### ⬆️ Dependencies * **deps:** bump actions/cache from 3.0.6 to 3.0.8 ([estahn#319](estahn#319)) ([245ab30](estahn@245ab30)), closes [estahn#809](estahn#809) [estahn#833](estahn#833) [estahn#810](estahn#810) [#888](https://github.com/estahn/k8s-image-swapper/issues/888) [#891](https://github.com/estahn/k8s-image-swapper/issues/891) [#899](https://github.com/estahn/k8s-image-swapper/issues/899) [#894](https://github.com/estahn/k8s-image-swapper/issues/894) * **deps:** bump alpine from 3.16.1 to 3.16.2 ([da05fdd](estahn@da05fdd)) * **deps:** bump github.com/alitto/pond from 1.8.0 to 1.8.1 ([estahn#342](estahn#342)) ([4e50c28](estahn@4e50c28)), closes [alitto/pond#33](alitto/pond#33) [estahn#34](estahn#34) [estahn#32](estahn#32) * **deps:** bump github.com/aws/aws-sdk-go from 1.44.70 to 1.44.92 ([0f396c5](estahn@0f396c5)) * **deps:** bump github.com/aws/aws-sdk-go from 1.44.70 to 1.44.92 ([estahn#338](estahn#338)) ([fa795ae](estahn@fa795ae)), closes [#4548](https://github.com/estahn/k8s-image-swapper/issues/4548) [#4546](https://github.com/estahn/k8s-image-swapper/issues/4546) [#4545](https://github.com/estahn/k8s-image-swapper/issues/4545) [#4544](https://github.com/estahn/k8s-image-swapper/issues/4544) [#4543](https://github.com/estahn/k8s-image-swapper/issues/4543) [#4542](https://github.com/estahn/k8s-image-swapper/issues/4542) [#4539](https://github.com/estahn/k8s-image-swapper/issues/4539) [#4536](https://github.com/estahn/k8s-image-swapper/issues/4536) [#4534](https://github.com/estahn/k8s-image-swapper/issues/4534) [#4533](https://github.com/estahn/k8s-image-swapper/issues/4533) * **deps:** bump github.com/go-co-op/gocron from 1.16.2 to 1.17.0 ([estahn#340](estahn#340)) ([645bef3](estahn@645bef3)), closes [go-co-op/gocron#380](go-co-op/gocron#380) [go-co-op/gocron#381](go-co-op/gocron#381) [go-co-op/gocron#375](go-co-op/gocron#375) [estahn#381](estahn#381) [estahn#380](estahn#380) [estahn#375](estahn#375) * **deps:** bump github.com/gruntwork-io/terratest from 0.40.19 to 0.40.21 ([estahn#334](estahn#334)) ([d0f6c39](estahn@d0f6c39)), closes [#1166](https://github.com/estahn/k8s-image-swapper/issues/1166) [#1159](https://github.com/estahn/k8s-image-swapper/issues/1159) * **deps:** bump github.com/rs/zerolog from 1.27.0 to 1.28.0 ([estahn#339](estahn#339)) ([7fb4ff5](estahn@7fb4ff5)), closes [estahn#457](estahn#457) [estahn#416](estahn#416) [estahn#454](estahn#454) [estahn#453](estahn#453) [estahn#383](estahn#383) [estahn#396](estahn#396) [estahn#414](estahn#414) [estahn#415](estahn#415) [estahn#430](estahn#430) [estahn#432](estahn#432) * **deps:** bump github.com/spf13/viper from 1.12.0 to 1.13.0 ([estahn#341](estahn#341)) ([9b59bd4](estahn@9b59bd4)), closes [spf13/viper#1371](spf13/viper#1371) [spf13/viper#1373](spf13/viper#1373) [spf13/viper#1393](spf13/viper#1393) [spf13/viper#1424](spf13/viper#1424) [spf13/viper#1405](spf13/viper#1405) [spf13/viper#1414](spf13/viper#1414) [spf13/viper#1387](spf13/viper#1387) [spf13/viper#1374](spf13/viper#1374) [spf13/viper#1375](spf13/viper#1375) [spf13/viper#1378](spf13/viper#1378) [spf13/viper#1360](spf13/viper#1360) [spf13/viper#1381](spf13/viper#1381) [spf13/viper#1384](spf13/viper#1384) [spf13/viper#1383](spf13/viper#1383) [spf13/viper#1395](spf13/viper#1395) [spf13/viper#1420](spf13/viper#1420) [spf13/viper#1422](spf13/viper#1422) [spf13/viper#1412](spf13/viper#1412) [spf13/viper#1373](spf13/viper#1373) [spf13/viper#1393](spf13/viper#1393) [spf13/viper#1371](spf13/viper#1371) [spf13/viper#1387](spf13/viper#1387) [spf13/viper#1405](spf13/viper#1405) [spf13/viper#1414](spf13/viper#1414) * **deps:** bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 ([estahn#328](estahn#328)) ([a8d2dd1](estahn@a8d2dd1)), closes [estahn#369](estahn#369) [estahn#357](estahn#357) [estahn#356](estahn#356) [estahn#360](estahn#360) [estahn#359](estahn#359) [estahn#358](estahn#358) [estahn#367](estahn#367) [estahn#369](estahn#369) [estahn#367](estahn#367) [estahn#358](estahn#358) [estahn#359](estahn#359) [estahn#360](estahn#360) [estahn#357](estahn#357) [estahn#356](estahn#356) * **deps:** bump k8s.io/api from 0.24.3 to 0.25.0 ([estahn#325](estahn#325)) ([ce10907](estahn@ce10907)), closes [#111657](https://github.com/estahn/k8s-image-swapper/issues/111657) [#109090](https://github.com/estahn/k8s-image-swapper/issues/109090) [#111258](https://github.com/estahn/k8s-image-swapper/issues/111258) [#111113](https://github.com/estahn/k8s-image-swapper/issues/111113) [#111696](https://github.com/estahn/k8s-image-swapper/issues/111696) [#108692](https://github.com/estahn/k8s-image-swapper/issues/108692) * **deps:** bump k8s.io/client-go from 0.24.3 to 0.25.0 ([estahn#324](estahn#324)) ([f7c889f](estahn@f7c889f))
We started getting errors in our swaps w/ k8s-image-swapper around
ecr:CreateRepository
(seeing this in cloudtrail), because of the missing permissionecr:TagResource
.Adding the
ecr:TagResource
action to our IAM policy for IRSA did fix the problem, so I think the docs just need updated.The text was updated successfully, but these errors were encountered: