Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

AWS Greengrass v2 pull docker images from private a ECR registry in a different account

0

Hi,

I am currently deploying docker images using Greengrass Core v2 (GGC) to my edge devices. The docker images and GGC devices are located in the same account. This is working fine with the help of the aws.greengrass.DockerApplicationManager and aws.greengrass.TokenExchangeService components.

Now, I was wondering if it is possible to deploy or pull docker images from a private ECR Registry in a different AWS account than the GGC device. I wouldn't currently know how and where to set appropriate permissions to allow this.

As a workaround, I would otherwise consider the approach of cross-account replication. However, if there is a simpler way, I would be pleased to hear about it.

Thanks in advance!

Temas
Internet de las cosas (IoT)Seguridad, identidad y cumplimientoContenedores
Etiquetas
AWS IoT GreengrassSeguridad, identidad y cumplimientoAmazon Elastic Container ServiceContenedores
Idioma
English
Phillipp
preguntada hace un año370 visualizaciones
1 Respuesta
1
Respuesta aceptada

Greengrass doesn't support this directly. Using the builtin Docker image pulling support that Greengrass provides, your image must be in the same account and region that the Greengrass device is registered in.

You may be able to download the image yourself by using the appropriate commands in your component recipe, but not in a directly provided and supported way. See the ECR documentation for downloading images yourself: https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html

AWS
EXPERTO
MichaelDombrowski-AWS
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante