Central ECR for ECS in multiple accounts
A customer would like to have a central ECR. Is there a reference architecture, best practice to share?
- 최신
- 최다 투표
- 가장 많은 댓글
Below are a couple articles you can reference.
https://aws.amazon.com/premiumsupport/knowledge-center/secondary-account-access-ecr/
For your information, ECR now supports cross account image replication.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication.html
If the customer would like to distribute container images to the individual AWS account instead of using central ECR repository, this feature would be helpful for them.
Another alternative -- especially helpful if the ECR Policy get too big -- is to use the AWS:PrincipalOrgID condition to allow every account in the Organization to access the ECR Repository: check out this blog post showing how.
Beware: this allows all accounts in an Organization to access the ECR repository! Double check with your security team if this is allowed!
관련 콘텐츠
AWS 공식업데이트됨 일 년 전
