Docker push to AWS ECR private repo failing with malformed JSON

Minimal policy you need:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "ecr:UploadLayerPart",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:CompleteLayerUpload",
        "ecr:BatchCheckLayerAvailability"
      ],
      "Resource": "arn:aws:ecr:<your region>:<your account id>:repository/<your repository name>"
    }
  ]
}

Ran into the same issue. For me, ensuring that the IAM user I was pushing as had the ecr:BatchCheckLayerAvailability permission cleared this up.

I had originally intended to have a "push-only" policy and didn't realize this permission was required to push successfully.