AWS ECR is a fully managed container registry service provided by AWS to store, access and manage container images.
Because working with it and integrating it into an environment differs in some respects from other offerings, the overall setup is explained below.
System Integration
AWS ECR is a fully managed AWS service and is thus fully integrated into your account, with no need to run dedicated servers.
root360 ensures that the Docker hosts of your projects can access the registry and pull images from it.
Identity and Access Management
To interact with the registry you will get 2 different sets of access credentials.
We decided to use 2 separate users with separate sets of permissions so that each one has only the permissions it needs.
The user for
Management Access will most probably become a shared user that gains additional permissions over time
Daily Working Access will only ever have the limited set of permissions to push/pull/list images and repositories of the registry
Management Access via AWS Console
The first access credentials you will get from root360 are
the name of the user with access to the AWS Web Console
its password (which must be changed on first login)
a link to the AWS Web Console
With these you will have access to (at least) the Repositories Section of the AWS Container Service Web Console. From there you can manage the repositories within your registry, e.g. by:
browsing through your repositories and images
creating new repositories
deleting repositories or images
Daily work and CI/CD access
The second set of credentials consists of AWS CLI credentials:
Access Key ID
Secret Access Key
Region Name
With these credentials you can configure the AWS CLI installed e.g. on your development workstation or used within your CI/CD pipeline.
They will allow you to:
authenticate
push/pull images
list images
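To check that the Daily Working Access user stays within this scope, the following added example (not root360's own code) audits an IAM policy document and reports every allowed action pattern that goes beyond authenticate/push/pull/list. The mapping to concrete ECR action names and both sample policies are assumptions made for the example.

```python
import fnmatch
import json

# Assumed mapping of the page's "authenticate, push/pull, list" to ECR actions;
# the policy root360 actually attaches is not shown on this page.
DAILY_ACTIONS = {
    "ecr:GetAuthorizationToken",                                  # authenticate
    "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage",                                          # pull
    "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload", "ecr:PutImage",                    # push
    "ecr:ListImages", "ecr:DescribeImages", "ecr:DescribeRepositories",  # list
}
# Console-side tasks named above (create/delete repositories, delete images).
MANAGEMENT_ACTIONS = {"ecr:CreateRepository", "ecr:DeleteRepository",
                      "ecr:BatchDeleteImage"}

def excess_actions(policy_json):
    """Map each Allow pattern outside DAILY_ACTIONS to the management actions it grants."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    allowed = {a.lower() for a in DAILY_ACTIONS}  # action names are case-insensitive
    findings = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:           # not evaluated here; flagged for manual review
            findings["NotAction"] = []
        actions = stmt.get("Action", [])
        for pattern in [actions] if isinstance(actions, str) else actions:
            if pattern.lower() in allowed:
                continue                  # exact match only; wildcards are always reported
            findings[pattern] = sorted(
                m for m in MANAGEMENT_ACTIONS
                if fnmatch.fnmatchcase(m.lower(), pattern.lower()))
    return findings

# Constructed sample policies (not root360's real ones).
TIGHT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(DAILY_ACTIONS), "Resource": "*"}]})
DRIFTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ecr:PutImage", "ecr:Delete*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ecr:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("tight", TIGHT), ("drifted", DRIFTED)):
        print(name, excess_actions(doc))
```

An empty result means the policy grants nothing beyond the daily scope; any key in the result is a pattern to remove or move to the Management Access user.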
How to's
How to install and configure aws cli on a workstation or linux server?