I’d like Replicated to proxy my private images from ECR as described here Docker Registries .
I’ve gotten this working using my Access Key ID and Secret Access Key, but I’d like to provision an IAM user that has only minimal access. Ideally it should be able to pull images from ECR, but shouldn’t have any other AWS access. What sort of policy definition should I be using in AWS when generating ECR credentials?