# Configure AWS Elastic Container Registry There are two options to configure access to AWS-ECR private registry: CloudFormation Template and Configure Manually ### Manual Configuration This configuration allows you to enter the accountID, accessToken, secretkey and Region. This would allow Lineaje to get access to your organization’s private ECR registry. For security reasons, Lineaje recommends creating new user with cross account role. Follow the below steps to create a new user: * Go to the AWS console and login using your organization credentials * Navigate to Identity and Access Management (IAM) and click Users * Add users, then enter the user name

* For the AWS credential type, press Access key - Programmatic access then set permissions. There are two required permissions you will need to set: * AmazonEC2ContainerRegistryFullAccess * AmazonElasticContainerRegistryPublicFullAccess

* Skip Tags Tab * Review Tab

* Final tab will provide you the access key id and secret access key

### IAM CloudFormation Template The CloudFormation Template (CFT) option needs a CFT file to be uploaded. * Download the sample CFT file * Go to the AWS console and login using your organization credentials * Go to the AWS *sign-in page* ; * Click the buttons Create Stack -> With New Resources

* Leave the Prepare Template setting as-is * For Template source select Upload a template file * Click Choose file and select the CloudFormation template you downloaded and click Next

* For Stack name use SBOM360-ECR-Permissions-Stack and click Next

* For Configure Stack Options, it is recommended to use configuring tags, which are key-value pairs that can help you identify your stacks and the resources they create. You will not have to use additional permissions or advanced options so click Next. * For Review * Scroll down to the bottom of the page and select "I acknowledge that AWS CloudFormation might create IAM resources with custom names." * Click Create Stack

* You will be taken to the CloudFormation stack status page, showing the stack creation in progress * Click on the Events tab and watch the CloudFormation events as they form the IAM Role * Click on the Outputs tab and copy the value of the EcrIntegrationRoleARN key

* It should look similar to the following key - arn:aws:iam:/sbom360/SBOM360\_ECR\_Role * Upload the updated CFT in the configure step * By clicking on Test Connection, the connection will be tested against the credentials --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veedna.com/sbom360-osm/generate-an-sbom/container-image-as-source/private-container-image/configure-aws-elastic-container-registry.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.