Amazon ECR Operations

From NovaOrdis Knowledge Base
Latest revision as of 22:29, 19 March 2019

External

Internal

Command Line Operations

Command Line Operations

Create Repository

AWS Console: ECR -> Repositories

Create Repository

Repository name: 673499572719.dkr.ecr.us-west-2.amazonaws.com/<namespace>/<repository-name>

Example: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira

Configure Permissions

An external user needs permissions to interact with a repository: push or pull images. To configure permissions:

Select the repository in question -> Left Tab: Permissions -> Edit

Statement Name: "122226676707 and 122226676707 General Access"

Effect: Allow

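Principal: Everyone or AWS Account IDs (comma-delimited list). Both work, but the more restrictive choice, a list of specific account IDs, is usually better from a security point of view: "Everyone" applies the statement, including the push actions listed below, to any AWS principal.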

Actions:

ecr:BatchCheckLayerAvailability
ecr:BatchGetImage
ecr:CompleteLayerUpload
ecr:DescribeImages
ecr:DescribeRepositories
ecr:GetDownloadUrlForLayer
ecr:InitiateLayerUpload
ecr:ListImages
ecr:PutImage
ecr:UploadLayerPart

If the following error occurs:

error parsing HTTP 403 response body: unexpected end of JSON input: ""
docker push failed

it means "ecr:BatchCheckLayerAvailability" is missing from the statement's actions.
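
The console settings above end up as a JSON repository policy. The following is an added example, not part of the original page: it builds that policy for specific accounts and checks a policy for the two problems mentioned here, an "Everyone" principal and push actions without "ecr:BatchCheckLayerAvailability". The helper names, the Sid and the account ID 111111111111 are constructed for illustration.

```python
import json

# Action names are the ones listed on this page, grouped by what needs them.
CHECK = "ecr:BatchCheckLayerAvailability"
PUSH = {"ecr:CompleteLayerUpload", "ecr:InitiateLayerUpload",
        "ecr:PutImage", "ecr:UploadLayerPart"}
PULL = {"ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"}
READ = {"ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:ListImages"}


def build_policy(sid, account_ids, allow_push=False):
    """Repository policy for specific accounts (hypothetical helper)."""
    actions = {CHECK} | PULL | READ | (PUSH if allow_push else set())
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": sid,
            "Effect": "Allow",
            "Principal": {"AWS": [f"arn:aws:iam::{a}:root" for a in account_ids]},
            "Action": sorted(actions),
        }],
    }


def lint_policy(policy):
    """Flag an Everyone principal and push actions lacking the layer check."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            findings.append(f"{sid}: principal is Everyone (*)")
        action = st.get("Action", [])
        actions = {action} if isinstance(action, str) else set(action)
        if actions & PUSH and CHECK not in actions:
            findings.append(f"{sid}: push actions without {CHECK}")
    return findings


if __name__ == "__main__":
    # Constructed account ID; pass the result to `aws ecr set-repository-policy`.
    policy = build_policy("GeneralAccess", ["111111111111"], allow_push=True)
    print(json.dumps(policy, indent=2))
    print(lint_policy(policy))
```

Calling build_policy without allow_push=True yields a pull-only statement, which is enough for an external user who only needs docker pull.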

Pull an Image Locally

docker pull 773499272710.dkr.ecr.us-west-2.amazonaws.com/example/unity/themyscira:latest