こんなん。
export AWS_ACCESS_KEY_ID='...' export AWS_SECRET_ACCESS_KEY='...' repol -e -o Repolfile # export Repository Policy vi Repolfile repol -a --dry-run repol -a # apply `Repolfile` Help
require 'other/repolfile' repository "my_ecr_repo" do {"Version"=>"2008-10-17", "Statement"=> [{"Sid"=>"PullOnly", "Effect"=>"Allow", "Principal"=>{"AWS"=>"arn:aws:iam::123456789012:root"}, "Action"=> ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]}]} end