GuidesAPI Reference
Log In

Elastic Container Registry (ECR)

Connect a new Registry

  1. Create an AWS IAM User and grant it read-only access to the ECR registry. You can do this with the aws tool with the following commands:
$ aws iam create-user --user-name prodvana-ecr-readonly

Save the following IAM policy to a file ProdvanaECRReadonly.json

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": "*"
$ aws iam put-user-policy --user-name prodvana-ecr-readonly --policy-name ProdvanaECRReadonly --policy-document file://ProdvanaECRReadonly.json


There are many ways to configure IAM permissions to grant ECR access. You can find more details here. Prodvana's integration requires ecr:DescribeRegistry in addition to the permissions required for fetching images.

  1. Generate access credentials (a Key ID and Secret Key pair):
$ aws iam create-access-key --user-name prodvana-ecr-readonly

This command will output an AccessKeyId and SecretAccessKey.

  1. Now to link the registry in Prodvana:
  • Go to your Organization's integration page
  • Click the "Add Registry" button and select "Amazon ECR" from the dropdown.

  • In the pop-up form, fill in the values:
    • Name: The name Prodvana will use to reference this registry
    • Access Key ID: Use the key ID we generated above.
    • Access Secret Key: Use the secret key we generated above.
    • Region: The AWS region where this Registry is located, you can find it in the registry's URL: <AWS Account ID>.dkr.ecr.<Region>
    • Click "Save"

See Also

Identity and Access Management for Amazon Elastic Container Registry