You want to restrict access to an ECR repository so only a specific IAM role can pull images. Which approach is best?

Hard · Application · Q9 of 15
AWS - ECS and Fargate
A. Attach a resource-based policy to the ECR repository allowing only that IAM role
B. Use security groups to block all other users
C. Create a VPC endpoint and allow only that IAM role to use it
D. Tag the repository and rely on tags for access control
Step-by-Step Solution
Solution:
  1. Step 1: Understand ECR access control methods

    ECR supports resource-based policies to restrict access to specific IAM roles.
  2. Step 2: Evaluate other options

    Security groups control network traffic, not IAM permissions. VPC endpoints control network access but not IAM role permissions. Tags alone do not enforce access.
  3. Final Answer:

    Attach a resource-based policy to the ECR repository allowing only that IAM role -> Option A
  4. Quick Check:

    Use resource policies to restrict ECR access [OK]
Quick Trick: Use resource-based policies for fine-grained ECR access [OK]
Common Mistakes:
  • Relying on security groups for IAM access control
  • Assuming VPC endpoints restrict IAM roles
  • Using tags without policies for access control