
Docker push to AWS ECR private repo failing with malformed JSON


Ran into the same issue. For me, ensuring that the IAM user I was pushing as had the ecr:BatchCheckLayerAvailability permission cleared this up.

I had originally intended to have a "push-only" policy and didn't realize this permission was required to push successfully.


Minimal policy you need:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": "ecr:GetAuthorizationToken",
          "Resource": "*"
        },
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": [
            "ecr:UploadLayerPart",
            "ecr:PutImage",
            "ecr:InitiateLayerUpload",
            "ecr:CompleteLayerUpload",
            "ecr:BatchCheckLayerAvailability"
          ],
          "Resource": "arn:aws:ecr:<your region>:<your account id>:repository/<your repository name>"
        }
      ]
    }


In addition to @Ethan's answer: I tried to find the minimal set of permissions needed to push a Docker image to the AWS registry. As of today, the minimal set is:

    {
        "Sid": "PushToEcr",
        "Effect": "Allow",
        "Action": [
            "ecr:BatchCheckLayerAvailability",
            "ecr:CompleteLayerUpload",
            "ecr:GetAuthorizationToken",
            "ecr:InitiateLayerUpload",
            "ecr:PutImage",
            "ecr:UploadLayerPart"
        ],
        "Resource": "*"
    }

As far as I understood, Resource must be * because some of those actions do not work otherwise. Improvements are welcome!
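
Added example, not part of the answers above: a small Python check that a policy document grants the six push actions the answers list, and that reports which repository-level actions are granted on Resource "*". The function name, account ID, region and repository name are constructed for illustration; Deny statements, NotAction and Condition are not evaluated.

```python
import fnmatch

# The six actions the answers above list as needed for `docker push`.
PUSH_ACTIONS = {
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload", "ecr:PutImage",
}
# GetAuthorizationToken has no repository to scope to; it only works on "*".
ACCOUNT_LEVEL = {"ecr:GetAuthorizationToken"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_push_policy(policy):
    """Return (missing, unscoped) for an identity-based IAM policy dict.

    missing:  push actions that no Allow statement usefully grants.
    unscoped: repository-level push actions granted on Resource "*".
    """
    granted, unscoped = set(), set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        patterns = [p.lower() for p in as_list(stmt["Action"])]
        wildcard = "*" in as_list(stmt.get("Resource", []))
        for action in PUSH_ACTIONS:
            # IAM action names are case-insensitive and may contain * and ?.
            if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                continue
            if action in ACCOUNT_LEVEL:
                if wildcard:  # a repository ARN does not satisfy this action
                    granted.add(action)
            else:
                granted.add(action)
                if wildcard:
                    unscoped.add(action)
    return sorted(PUSH_ACTIONS - granted), sorted(unscoped)

# Constructed sample: a "push-only" policy without BatchCheckLayerAvailability.
REPO = "arn:aws:ecr:us-east-1:111122223333:repository/example-repo"
PUSH_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Resource": REPO, "Action": [
        "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload", "ecr:PutImage"]},
]}

if __name__ == "__main__":
    missing, unscoped = audit_push_policy(PUSH_ONLY)
    print("missing:", missing)
    print("repository actions granted on *:", unscoped)
```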