Search code examples
aws-cdk

Upgrade deprecated autoDeleteImages property gives AccessDeniedException - DescribeRepositories?

Deploying after changing the ECR Repository property from autoDeleteImages to emptyOnDelete results in error:

AccessDeniedException ... because no identity-based policy allows the ecr:DescribeRepositories action

     this.ecr = new Repository(this, 'Ecr', {
       repositoryName: "test-ecs-api-svc",
       removalPolicy: RemovalPolicy.DESTROY,
       // otherwise won't be able to destroy on removal
       // autoDeleteImages: true,
       emptyOnDelete: true,
     });

How to get rid of the deprecated property?

Solution

  • The trick is to do it in two deploy steps:

    1. remove the deprecated usage of the autoDeleteImages property
    2. run cdk deploy
    3. add the new emptyOnDelete property
    4. run cdk deploy again

    Annoying, but it seems to get it done.