Elastic Container Registry (ECR)
Connect a new Registry
- Create an AWS IAM User and grant it read-only access to the ECR registry. You can do this with the aws tool with the following commands:
$ aws iam create-user --user-name prodvana-ecr-readonly
Save the following IAM policy to a file ProdvanaECRReadonly.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:DescribeImages",
        "ecr:BatchGetImage",
        "ecr:GetLifecyclePolicy",
        "ecr:GetLifecyclePolicyPreview",
        "ecr:ListTagsForResource",
        "ecr:DescribeImageScanFindings",
        "ecr:DescribeRegistry"
      ],
      "Resource": "*"
    }
  ]
}
$ aws iam put-user-policy --user-name prodvana-ecr-readonly --policy-name ProdvanaECRReadonly --policy-document file://ProdvanaECRReadonly.json
There are many ways to configure IAM permissions to grant ECR access. You can find more details here. Prodvana's integration requires ecr:DescribeRegistry in addition to the permissions required for fetching images.
- Generate access credentials (a Key ID and Secret Key pair):
$ aws iam create-access-key --user-name prodvana-ecr-readonly
This command will output an AccessKeyId and SecretAccessKey.
- Now to link the registry in Prodvana:
- Go to your Organization's integration page https://my-demo-organization.runprodvana.com
- Click the "Add Registry" button and select "Amazon ECR" from the dropdown.
- In the pop-up form, fill in the values:
  - Name: The name Prodvana will use to reference this registry.
  - Access Key ID: Use the key ID we generated above.
  - Access Secret Key: Use the secret key we generated above.
  - Region: The AWS region where this Registry is located; you can find it in the registry's URL: <AWS Account ID>.dkr.ecr.<Region>.amazonaws.com
- Click "Save"
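A check you can run on ProdvanaECRReadonly.json before the put-user-policy step, as an added example that is not part of the original page or of Prodvana's tooling: it confirms that the policy allows only the read-only actions listed above and still includes ecr:DescribeRegistry. The function name audit_policy and the sample policy in the script are assumptions made for this example.

```python
import json
import sys
from pathlib import Path

# Read-only action set exactly as listed in the policy on this page.
PAGE_ACTIONS = {a.lower() for a in (
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy",
    "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages",
    "ecr:BatchGetImage", "ecr:GetLifecyclePolicy",
    "ecr:GetLifecyclePolicyPreview", "ecr:ListTagsForResource",
    "ecr:DescribeImageScanFindings", "ecr:DescribeRegistry",
)}

def _as_list(value):
    """IAM accepts a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return a list of findings; an empty list means the policy only
    allows actions from the page's read-only set."""
    findings, allowed = [], set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows everything not listed")
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action}")
            elif name not in PAGE_ACTIONS:
                findings.append(f"statement {i}: action outside read-only set: {action}")
            else:
                allowed.add(name)
    if "ecr:describeregistry" not in allowed:
        findings.append("ecr:DescribeRegistry is not allowed (the integration requires it)")
    return findings

if __name__ == "__main__":
    # Constructed sample: a "read-only" policy that also allows pushes.
    sample = {"Statement": {"Effect": "Allow", "Resource": "*",
              "Action": ["ecr:DescribeRegistry", "ecr:PutImage", "ecr:*"]}}
    policy = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else sample
    print("\n".join(audit_policy(policy)) or "OK: read-only")
```

Pass the policy file as the first argument to audit it; with no argument the script audits the constructed sample.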
See Also
Identity and Access Management for Amazon Elastic Container Registry