Configure AWS Elastic Container Registry
Provide credentials to access private ECR
There are two options for configuring access to an AWS ECR private registry: CloudFormation Template and Configure Manually.
This configuration lets you enter the accountID, accessToken, secretkey and Region, which gives Lineaje access to your organization’s private ECR registry.
For security reasons, Lineaje recommends creating a new user with a cross-account role. Follow the steps below to create a new user:
Go to the AWS console and log in using your organization credentials
Navigate to Identity and Access Management (IAM) and click Users
Click Add users, then enter the user name
For the AWS credential type, select Access key - Programmatic access, then set permissions. There are two required permissions you will need to set:
AmazonEC2ContainerRegistryFullAccess
AmazonElasticContainerRegistryPublicFullAccess
Skip the Tags tab
Go through the Review tab
The final tab provides the access key ID and secret access key
The CloudFormation Template (CFT) option needs a CFT file to be uploaded.
Download the sample CFT file
Go to the AWS console and log in using your organization credentials
Go to the AWS sign-in page https://console.aws.amazon.com/cloudformation
Click the buttons Create Stack -> With New Resources
Leave the Prepare Template setting as-is
For Template source select Upload a template file
Click Choose file and select the CloudFormation template you downloaded and click Next
For Stack name use SBOM360-ECR-Permissions-Stack and click Next
For Configure Stack Options, it is recommended to configure tags, which are key-value pairs that can help you identify your stacks and the resources they create. You will not need additional permissions or advanced options, so click Next.
For Review
Scroll down to the bottom of the page and select "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
Click Create Stack
You will be taken to the CloudFormation stack status page, showing the stack creation in progress
Click on the Events tab and watch the CloudFormation events as they form the IAM Role
Click on the Outputs tab and copy the value of the EcrIntegrationRoleARN key
It should look similar to the following key - arn:aws:iam:/sbom360/SBOM360_ECR_Role
Upload the updated CFT in the configure step
Click Test Connection to test the connection against the credentials.
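Before ticking the "AWS CloudFormation might create IAM resources" acknowledgement, it helps to see what the template would actually create. The following is an added example, not Lineaje's code or template: it reads a JSON-format template and reports, for each IAM role, the trusted principals, whether a cross-account trust lacks an sts:ExternalId condition, the attached managed policies and any wildcard actions. The sample template, the account ID 111122223333, the external ID and the function names are constructed placeholders, and a YAML template would need converting to JSON first.

```python
import json

# Constructed sample standing in for a downloaded template (not Lineaje's file).
# Account ID, external ID and resource names are placeholders.
SAMPLE_TEMPLATE = json.dumps({"Resources": {"EcrIntegrationRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-ID"}}}]},
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"],
        "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["ecr:*"], "Resource": "*"}]}}]}}}})


def as_list(value):
    """IAM policy fields may hold one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_template(template_json):
    """Summarise every IAM role a JSON CloudFormation template would create."""
    report = {}
    for name, res in json.loads(template_json).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trusted, missing_external_id = [], False
        for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            principal = stmt.get("Principal", {})
            trusted += ["*"] if principal == "*" else [
                p for v in principal.values() for p in as_list(v)]
            # An account principal trusted without sts:ExternalId deserves a question.
            conds = stmt.get("Condition", {}).values()
            if (principal == "*" or "AWS" in principal) and not any(
                    "sts:ExternalId" in c for c in conds):
                missing_external_id = True
        wildcard = [a for pol in props.get("Policies", [])
                    for s in as_list(pol["PolicyDocument"]["Statement"])
                    if s.get("Effect") == "Allow"
                    for a in as_list(s.get("Action", []))
                    if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
        report[name] = {
            "trusted_principals": trusted, "missing_external_id": missing_external_id,
            "managed_policies": props.get("ManagedPolicyArns", []), "wildcard_actions": wildcard}
    return report


if __name__ == "__main__":
    print(json.dumps(review_template(SAMPLE_TEMPLATE), indent=2))
```

Compare the reported principals and policies with what you expect the integration to need before creating the stack.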