Updated on 2025-06-30 GMT+08:00

SWR Custom Policies

Custom policies can be created to supplement the system-defined policies of SWR. For details about actions supported in custom policies, see Permissions and Supported Actions.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in the JSON format from scratch or based on an existing policy.

For details about how to create a custom policy, see Creating a Custom Policy. This section provides examples of common custom policies of SWR.

Example SWR Custom Policies

  • Example 1: Allowing image pull
{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "swr:repo:download"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "swr::createLoginSecret"
      ]
    }
  ]
}
  • Example 2: Denying image pull
{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "swr:repo:download"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "swr::createLoginSecret"
      ]
    }
  ]
}

  • Example 3: Allowing image pull from a specified source VPC

{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "swr:repo:download"
      ],
      "Condition": {
        "StringEquals": {
          "g:SourceVpc": [
            "0bfdf87b-7789-4851-801e-8e726b82beae"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "swr::createLoginSecret"
      ]
    }
  ]
}
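
To check how the three example policies behave before attaching them, the following added sketch (not Huawei Cloud code) evaluates a pull request against one or more of them. It assumes that an explicit Deny overrides any Allow, that a request with no matching Allow is denied, and that a request without the g:SourceVpc key does not satisfy the condition; the helper names and the second VPC ID are constructed for the illustration.

```python
# Added illustration, not Huawei Cloud code. Assumptions: explicit Deny beats
# Allow, no matching Allow is an implicit deny, only exact action names and the
# StringEquals operator are modelled, and a missing context key never matches.

def _stmt(effect, action, condition=None):
    stmt = {"Effect": effect, "Action": [action]}
    if condition:
        stmt["Condition"] = condition
    return stmt

PULL = "swr:repo:download"
VPC_ID = "0bfdf87b-7789-4851-801e-8e726b82beae"  # value from Example 3
LOGIN = _stmt("Allow", "swr::createLoginSecret")
EXAMPLE_1 = {"Version": "1.1", "Statement": [_stmt("Allow", PULL), LOGIN]}
EXAMPLE_2 = {"Version": "1.1", "Statement": [_stmt("Deny", PULL), LOGIN]}
EXAMPLE_3 = {"Version": "1.1", "Statement": [
    _stmt("Allow", PULL, {"StringEquals": {"g:SourceVpc": [VPC_ID]}}), LOGIN]}

def condition_matches(condition, context):
    """True when every StringEquals key is present in the request and listed."""
    for operator, keys in (condition or {}).items():
        if operator != "StringEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, allowed in keys.items():
            if context.get(key) not in allowed:
                return False
    return True

def evaluate(policies, action, context=None):
    """Return 'Allow' or 'Deny' for one request against all attached policies."""
    context = context or {}
    decision = "Deny"  # implicit deny until some statement allows the action
    for policy in policies:
        for stmt in policy["Statement"]:
            if action not in stmt["Action"]:
                continue
            if not condition_matches(stmt.get("Condition"), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny ends evaluation
            decision = "Allow"
    return decision

if __name__ == "__main__":
    other = {"g:SourceVpc": "00000000-0000-0000-0000-000000000000"}  # constructed
    print("Example 3, listed VPC:", evaluate([EXAMPLE_3], PULL, {"g:SourceVpc": VPC_ID}))
    print("Example 3, other VPC: ", evaluate([EXAMPLE_3], PULL, other))
    print("Examples 1 + 2:       ", evaluate([EXAMPLE_1, EXAMPLE_2], PULL))
```
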