Amazon ECR Operations: Difference between revisions
Jump to navigation
Jump to search
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=External= | |||
=Internal= | =Internal= | ||
* [[Amazon ECR#Subjects|Amazon ECR]] | * [[Amazon ECR#Subjects|Amazon ECR]] | ||
=Command Line Operations= | |||
{{Internal|Amazon ECR Command Line Operations|Command Line Operations}} | |||
=Create Repository= | =Create Repository= | ||
| Line 11: | Line 17: | ||
Repository name: 673499572719.dkr.ecr.us-west-2.amazonaws.com/''<namespace>''/''<repository-name>'' | Repository name: 673499572719.dkr.ecr.us-west-2.amazonaws.com/''<namespace>''/''<repository-name>'' | ||
Example: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com. | Example: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira | ||
=Configure Permissions= | |||
An external user needs permissions to interact with a repository: push or pull images. To configure permissions: | |||
Select the repository in question -> Left Tab: Permissions -> Edit | |||
Statement Name: "122226676707 and 122226676707 General Access" | |||
Effect: Allow | |||
Principal: Everyone or AWS Account IDs (comma delimited list). Both work, and usually more restrictive is better from a security point of view. | |||
Actions: | |||
ecr:BatchCheckLayerAvailability | |||
ecr:BatchGetImage | |||
ecr:CompleteLayerUpload | |||
ecr:DescribeImages | |||
ecr:DescribeRepositories | |||
ecr:GetDownloadUrlForLayer | |||
ecr:InitiateLayerUpload | |||
ecr:ListImages | |||
ecr:PutImage | |||
ecr:UploadLayerPart | |||
If the following error occurs: | |||
error parsing HTTP 403 response body: unexpected end of JSON input: "" | |||
docker push failed | |||
it means "ecr:BatchCheckLayerAvailability" is missing. | |||
=Pull an Image Locally= | |||
docker pull 773499272710.dkr.ecr.us-west-2.amazonaws.com/example/unity/themyscira:latest | |||
Latest revision as of 22:29, 19 March 2019
External
Internal
Command Line Operations
Create Repository
AWS Console: ECR -> Repositories
Create Repository
Repository name: 673499572719.dkr.ecr.us-west-2.amazonaws.com/<namespace>/<repository-name>
Example: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira
Configure Permissions
An external user needs permissions to interact with a repository: push or pull images. To configure permissions:
Select the repository in question -> Left Tab: Permissions -> Edit
Statement Name: "122226676707 and 122226676707 General Access"
Effect: Allow
Principal: Everyone or AWS Account IDs (comma delimited list). Both work, and usually more restrictive is better from a security point of view.
Actions:
ecr:BatchCheckLayerAvailability ecr:BatchGetImage ecr:CompleteLayerUpload ecr:DescribeImages ecr:DescribeRepositories ecr:GetDownloadUrlForLayer ecr:InitiateLayerUpload ecr:ListImages ecr:PutImage ecr:UploadLayerPart
If the following error occurs:
error parsing HTTP 403 response body: unexpected end of JSON input: "" docker push failed
it means "ecr:BatchCheckLayerAvailability" is missing.
Pull an Image Locally
docker pull 773499272710.dkr.ecr.us-west-2.amazonaws.com/example/unity/themyscira:latest