From 6dcf351d8cf287cd47dbaf42ef8280e63b9dbbce Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Tue, 27 May 2025 23:37:28 +0200
Subject: [PATCH] fix(kb/aws/ecr): add permission specification for pull
 through cache

---
 knowledge base/cloud computing/aws/ecr.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/knowledge base/cloud computing/aws/ecr.md b/knowledge base/cloud computing/aws/ecr.md
index 4e04278..c57de39 100644
--- a/knowledge base/cloud computing/aws/ecr.md	
+++ b/knowledge base/cloud computing/aws/ecr.md	
@@ -74,6 +74,11 @@ aws ecr describe-repositories --repository-names 'docker-tools/image-builder' \
 > This might™ introduce a small latency and be cause of pull failures. Pulling that (not-yet)cached image from an
 > interactive shell session worked flawlessly.
 
+The user or role pulling the image must be granted the `ecr:BatchImportUpstreamImage` permission for the feature to
+work as expected.
+
+Refer [Troubleshooting pull through cache issues in Amazon ECR].
+
 ## Troubleshooting
 
 ### Docker pull errors with `no basic auth credentials`
@@ -113,3 +118,4 @@ Context: trying to pull an image on an EC2 instance that is using the amazon-ecr
 [cli subcommand reference]: https://docs.aws.amazon.com/cli/latest/reference/ecr/
 [creating a lifecycle policy preview]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/lpp_creation.html
 [using pull through cache rules]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html
+[Troubleshooting pull through cache issues in Amazon ECR]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/error-pullthroughcache.html