
Module 2 - Introduction To Amazon ECR

The document introduces Amazon Elastic Container Registry (ECR), an AWS service for storing and distributing container images. It describes the components of ECR including registries, repositories, images, and lifecycle policies. It also covers security features and integrating ECR with other AWS services.

Uploaded by

Nilesh Kadam

Introduction to Amazon Elastic Container Registry
Containers Immersion Day: Module 2

© 2020, Amazon Web Services, Inc. or its Affiliates.


AWS container services landscape

- Management (deployment, scheduling, scaling and management of containerized applications): Amazon Elastic Container Service, Amazon Elastic Container Service for Kubernetes
- Hosting (where the containers run): Amazon EC2, AWS Fargate
- Image Registry (container image repository): Amazon Elastic Container Registry


What are container image registries?

“A container image registry is a service that stores container images, and is hosted either by a third-party or as a public/private registry such as Docker Hub, Quay, and so on [Amazon Elastic Container Registry].”
https://wiki.aquasec.com/display/containers/Container+Image+Registries

The benefits of using Amazon ECR

- Fully Managed
- Secure
- Highly Available
- Simplified Workflow


Components of Amazon ECR


Amazon ECR Registries

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

Amazon ECR Repositories

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repositories team-a/web-app and team-b/web-app]

Container Images

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repositories team-a/web-app and team-b/web-app, My app image, OCI image, OCI Artifacts]

Container Images: Lifecycle policies

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repository team-a/web-app, My app images tagged :1 and :3, My app image with <no tag>]

Container Images: Lifecycle policies

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repository team-a/web-app, My app images tagged :1 and :3, My app image with <no tag>]

{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Expire images older than 14 days",
      "selection": {
        "tagStatus": "untagged",
        "countType": "sinceImagePushed",
        "countUnit": "days",
        "countNumber": 14
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}

Container Images: Image scanning

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repository team-a/web-app, My app image, Amazon EventBridge]

Security in Amazon Elastic Container Registry

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repository team-a/web-app, Team B]

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:DescribeImages",
        "ecr:BatchGetImage",
        "ecr:GetLifecyclePolicy",
        "ecr:GetLifecyclePolicyPreview",
        "ecr:ListTagsForResource",
        "ecr:DescribeImageScanFindings"
      ],
      "Resource": "*"
    }
  ]
}

Security in Amazon Elastic Container Registry

https://205094881157.dkr.ecr.us-west-2.amazonaws.com

[Diagram labels: Amazon ECR, repository team-b/web-app, Another AWS Account, Team C]

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPushPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::account-id:user/push-pull-user-1",
          "arn:aws:iam::account-id:user/push-pull-user-2"
        ]
      },
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"
      ]
    }
  ]
}

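
An added example, not part of the original deck: a small Python audit of a repository policy like the one above, listing which principals each Allow statement reaches, whether they sit outside the registry's account, and whether they can push. The account 111122223333 and the PublicPull statement are constructed for illustration; the owner account is the one in the registry URL on the slides.

```python
import json

# Read-side and write-side ECR actions, as named in the policies on the slides.
# Only exact names and the "*" / "ecr:*" wildcards are matched here.
PULL = {"ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"}
PUSH = {"ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"}

# Constructed sample: the slide's AllowPushPull statement with "account-id"
# replaced by the made-up account 111122223333, plus a made-up wildcard statement.
SAMPLE_POLICY = json.dumps({"Version": "2008-10-17", "Statement": [
    {"Sid": "AllowPushPull", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:user/push-pull-user-1",
                           "arn:aws:iam::111122223333:user/push-pull-user-2"]},
     "Action": sorted(PULL | PUSH)},
    {"Sid": "PublicPull", "Effect": "Allow", "Principal": "*",
     "Action": sorted(PULL)}]})

def as_list(value):
    """IAM accepts a single string wherever it accepts a list."""
    return value if isinstance(value, list) else [value]

def audit_repository_policy(policy_json, owner_account):
    """List each Allow grant with who receives it and whether it allows push."""
    grants = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        wildcard = bool(actions & {"*", "ecr:*"})
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            # The account id is the fifth field of an ARN; a bare id is also valid.
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            grants.append({
                "sid": stmt.get("Sid"),
                "principal": arn,
                "anyone": arn == "*",
                "cross_account": account not in ("*", owner_account),
                "push": wildcard or bool(actions & PUSH),
                "pull": wildcard or bool(actions & PULL),
            })
    return grants

if __name__ == "__main__":
    for grant in audit_repository_policy(SAMPLE_POLICY, "205094881157"):
        print(grant)
```

Grants that combine cross_account or anyone with push are the ones to review first, since they let a principal outside the owning account change what the repository serves.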
Questions?
Introduction to Amazon ECR
