Policy actions in Amazon Elastic Container Registry (ECR) Public use the following prefix before the action: 'ecr-public:'. Ensure AmazonElasticContainerRegistryPublicFullAccess is not applied. Allowing FullAccess may lead to unauthorized privileged access. You can attach the AmazonElasticContainerRegistryPublicReadOnly policy to your IAM identities.
This policy grants read-only permissions to Amazon ECR Public. These permissions include the ability to describe public registries, to list and describe public repositories, to describe images within a public repository, and to pull images from Amazon ECR Public with the Docker CLI.
In AWS Console -