Skip to main content

AWS ECR

Defines the settings for AWS ECR integration, including CI/CD and assets

Type: ecr

Properties

NameTypeDescriptionRequired
ci
(CI/CD Image Push Configuration)		objectSet up credentials for writing and pushing Docker images to ECR as part of your CI/CD pipelines
yes
read
(Cross-Account Pull Access)		objectConfigure permissions for pulling Docker images from a centralized ECR repository across AWS accounts
no
setup
(Storage configuration)		objectConfigure base settings for storing Docker builds in your ECR repository
yes

Additional Properties: not allowed
Example

{
    "ci": {
        "region": "us-east-1"
    },
    "read": {
        "region": "us-east-1",
        "role_arn": "arn:aws:iam::123456789012:role/ecr-read-role"
    },
    "setup": {
        "region": "us-east-1",
        "role_arn": "arn:aws:iam::123456789012:role/ecr-access-role",
        "naming_rule": "\"\\(.namespace.slug)/\\(.application.slug)\""
    }
}

ci: CI/CD Image Push Configuration

Set up credentials for writing and pushing Docker images to ECR as part of your CI/CD pipelines

Properties

NameTypeDescriptionRequired
region
(AWS Region)		stringAWS region for CI/CD operations
Enum: "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "eu-north-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "ap-south-1", "sa-east-1", "ca-central-1", "me-south-1", "af-south-1"
yes
access_keystringAWS access key for CI/CD pipeline
Minimal Length: 20
Maximal Length: 20
Pattern: ^[A-Z0-9]{20}$
no
secret_keystringAWS secret key for CI/CD pipeline
Minimal Length: 1
no

Additional Properties: not allowed
Example

{
    "region": "us-east-1"
}

read: Cross-Account Pull Access

Configure permissions for pulling Docker images from a centralized ECR repository across AWS accounts

Properties

NameTypeDescriptionRequired
region
(ECR Region)		stringAWS region where the centralized Amazon ECR repository is located
Enum: "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "eu-north-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "ap-south-1", "sa-east-1", "ca-central-1", "me-south-1", "af-south-1"
role_arn
(Assume Role ARN)		stringIntermediate IAM role ARN that will be assumed to pull Docker images from the centralized ECR repository
Minimal Length: 1
Pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+$

Additional Properties: not allowed
Example

{
    "region": "us-east-1",
    "role_arn": "arn:aws:iam::123456789012:role/ecr-read-role"
}

setup: Storage configuration

Configure base settings for storing Docker builds in your ECR repository

Properties

NameTypeDescriptionRequired
policy
(Repository Policy)		stringECR repository access policy as a JSON string
no
region
(AWS Region)		stringAWS region for ECR
Enum: "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "eu-north-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "ap-south-1", "sa-east-1", "ca-central-1", "me-south-1", "af-south-1"
yes
role_arnstringAWS IAM role ARN for ECR access
Minimal Length: 1
Pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+$
no
external_id
(Role External ID)		stringExternal ID for the main IAM role
Minimal Length: 1
no
naming_rulestringSpecifies the naming convention for the ECR repository.
The following jq context variables are available: account, namespace, and application
Default: "\"\\(.namespace.slug)/\\(.application.slug)\""
no
intermediate_rolestringIntermediate IAM role for cross-account access
Minimal Length: 1
Pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+$
no
intermediate_external_id
(Intermediate Role External ID)		stringExternal ID for the intermediate IAM role
Minimal Length: 1
no

Additional Properties: not allowed
Example

{
    "region": "us-east-1",
    "role_arn": "arn:aws:iam::123456789012:role/ecr-access-role",
    "naming_rule": "\"\\(.namespace.slug)/\\(.application.slug)\""
}