Amazon Elastic Container Registry (ECR) now supports PrivateLink Endpoint Policies, a capability that enables customers to better control access to Amazon ECR repositories and images using private endpoints. Previously customers were not able to explicitly define policies to deny or allow access based on IAM resource policies, but now customers can define granular, API level access to container image repositories.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/now-use-privatelink-endpoints-policies-better-control-amazon-ecr-access/