
Is ECR cross-account access allowed in GovCloud?

1

Does anyone know if ECR cross-account access is allowed in GovCloud? The Lambda doc (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-lambda.html) states it's not possible, but the ECR doc (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-ecs.html) doesn't mention it either way. I know we recently launched cross-account/region support for ECR replication in GovCloud, but not sure about cross-account access for image sharing.

asked 4 months ago · 94 views
2 Answers
6
Accepted Answer

Yes, but you need to watch out for:

  • Repository policies must be explicit: You’ll need to enumerate account IDs in your ECR repository policy to grant access.
  • Lambda service principal quirks: Lambda accesses ECR as a service principal, so aws:PrincipalOrgID conditions won’t work — you’ll need to use aws:sourceArn and service-specific conditions.
  • GovCloud limitations: Public registries and pull-through cache rules are not supported in GovCloud.
EXPERT
answered 4 months ago
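
The pitfalls listed in the answer above, as an added example (not part of the original answer and not AWS's own code): a Python sketch that builds an ECR repository policy naming each consumer account and audits a policy for the weak patterns the answer warns about. The account ID, organization ID, Sids, function names and the `aws-us-gov` / `us-gov-west-1` defaults are constructed assumptions.

```python
import json

PULL = ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]

def build_repo_policy(account_ids, region="us-gov-west-1", partition="aws-us-gov"):
    """Repository policy that names every consumer account explicitly."""
    roots = [f"arn:{partition}:iam::{a}:root" for a in account_ids]
    funcs = [f"arn:{partition}:lambda:{region}:{a}:function:*" for a in account_ids]
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "CrossAccountPull", "Effect": "Allow",
         "Principal": {"AWS": roots}, "Action": PULL},
        # Lambda pulls as a service principal, so scope it by source ARN.
        {"Sid": "LambdaServicePull", "Effect": "Allow",
         "Principal": {"Service": "lambda.amazonaws.com"}, "Action": PULL,
         "Condition": {"StringLike": {"aws:sourceArn": funcs}}},
    ]}

def audit(policy):
    """Return one finding per pitfall found in an ECR repository policy."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", "?"), st.get("Principal")
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{sid}: wildcard principal, account IDs not enumerated")
        if isinstance(principal, dict) and "Service" in principal:
            if "aws:principalorgid" in keys:
                findings.append(f"{sid}: aws:PrincipalOrgID set on a service principal")
            if "aws:sourcearn" not in keys:
                findings.append(f"{sid}: service principal without aws:sourceArn")
    return findings

# Constructed sample of the weak form: org-wide wildcard plus an org condition on Lambda.
ORG = {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OrgWide", "Effect": "Allow", "Principal": "*", "Action": PULL, "Condition": ORG},
    {"Sid": "LambdaOrg", "Effect": "Allow",
     "Principal": {"Service": "lambda.amazonaws.com"}, "Action": PULL, "Condition": ORG},
]}

if __name__ == "__main__":
    good = build_repo_policy(["111122223333"])  # constructed account ID
    print(json.dumps(good, indent=2))
    print("hardened:", audit(good))
    print("weak:", *audit(WEAK), sep="\n  ")
```
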
1
  • ECR repositories in GovCloud support resource-based policies, so you can share images across GovCloud accounts.
  • However, Lambda in GovCloud does NOT support pulling images cross-account, even if ECR allows it.
  • For cross-account usage, you’d either: replicate images to the other account’s ECR repo, or use ECS or other services that support pulling images cross-account (and have correct IAM permissions).
answered 4 months ago
