GuidesAPI Reference
Log In

Elastic Container Registry (ECR)

Connect a new Registry

  1. Create an AWS IAM User and grant it read-only access to the ECR registry. You can do this with the aws tool with the following commands:
$ aws iam create-user --user-name prodvana-ecr-readonly

Save the following IAM policy to a file ProdvanaECRReadonly.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetRepositoryPolicy",
                "ecr:DescribeRepositories",
                "ecr:ListImages",
                "ecr:DescribeImages",
                "ecr:BatchGetImage",
                "ecr:GetLifecyclePolicy",
                "ecr:GetLifecyclePolicyPreview",
                "ecr:ListTagsForResource",
                "ecr:DescribeImageScanFindings",
              	"ecr:DescribeRegistry"
            ],
            "Resource": "*"
        }
    ]
}
$ aws iam put-user-policy --user-name prodvana-ecr-readonly --policy-name ProdvanaECRReadonly --policy-document file://ProdvanaECRReadonly.json

πŸ“˜

There are many ways to configure IAM permissions to grant ECR access. You can find more details here. Prodvana's integration requires ecr:DescribeRegistry in addition to the permissions required for fetching images.

  1. Generate access credentials (a Key ID and Secret Key pair):
$ aws iam create-access-key --user-name prodvana-ecr-readonly

This command will output an AccessKeyId and SecretAccessKey.

  1. Now to link the registry in Prodvana:
  • Go to your Organization's integration page https://my-demo-organization.runprodvana.com
  • Click the "Add Registry" button and select "Amazon ECR" from the dropdown.

  • In the pop-up form, fill in the values:
    • Name: The name Prodvana will use to reference this registry
    • Access Key ID: Use the key ID we generated above.
    • Access Secret Key: Use the secret key we generated above.
    • Region: The AWS region where this Registry is located, you can find it in the registry's URL: <AWS Account ID>.dkr.ecr.<Region>.amazonaws.com
    • Click "Save"

See Also

Identity and Access Management for Amazon Elastic Container Registry