Why Can't I Pull Google Artifact Registry Docker Images Build with Google Cloud Build?

3.6k Views Asked by jose fernandez At 16 November 2025 at 09:27

I created a Docker image ($DOCKER_IMAGE_NAME) using Google Cloud Build (GCB). I don't seem to be able to pull $DOCKER_IMAGE_NAME:

docker pull us-central1-docker.pkg.dev/. . ./$DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG

#=>

Error response from daemon: Get https://us-central1-docker.pkg.dev/. . ./$DOCKER_IMAGE_NAME/v1: denied: Permission "artifactregistry.repositories.downloadArtifacts"denied on resource "projects/. . ./$DOCKER_REPOSITORY_NAME" (or it may not exist)

How can I pull $DOCKER_IMAGE_NAME?

Original Q&A

There are 3 best solutions below

Gerb On 25 November 2020 at 16:06

The error message seems to indicate that you need to grant permissions.

You will need to run the add-iam-policy-binding command:

gcloud projects add-iam-policy-binding $PROJECT \
--member=$MEMBER \
--role=$ROLE

where $ROLE is artifactregistry.repositories.downloadArtifacts.

See this for more information.

Devang Pandya On 13 May 2022 at 09:23

You also need to add role related to Artifact to your service account. Even if your service account has a owner role it wont work because GCP artifact repo has its own permissions boundary.

PCatinean On 03 March 2023 at 13:59

I saw the setup instructions from artifact registry at a later time (migrated from container registry) and it's needd to specify the region gcloud auth configure-docker europe-west1-docker.pkg.dev

Why Can't I Pull Google Artifact Registry Docker Images Build with Google Cloud Build?

There are 3 best solutions below

Related Questions in DOCKER

Related Questions in GCLOUD

Related Questions in GOOGLE-CLOUD-BUILD

Related Questions in GOOGLE-CLOUD-IAM

Related Questions in GOOGLE-ARTIFACT-REGISTRY

Trending Questions

Popular # Hahtags

Popular Questions