ECR Cross Region Replication to New Region


Hi, I currently have ECR cross region replication configured for multiple repositories and it works well across 6 regions. I need to add a new region as a destination for the replication. I found the following request, https://github.com/aws/containers-roadmap/issues/1252, which is what I'm looking for; however, it's in the proposed state, so not likely to be implemented soon. There is a workaround in the comments, https://github.com/aws/containers-roadmap/issues/1252#issuecomment-833878176, which involves creating a temporary tag using the image manifest, deleting the original tag, then using put-image for the original tag using the manifest, which triggers the replication, and finally cleaning up the temp tag at the source and all the destination regions.

I've tested it and the solution works, but wondered if there is a better solution or whether there is an issue with deleting and pushing the same image tag? A couple of things I don't really like are that the original image is deleted and recreated, so it will be unavailable for a short time. Also, the temp tag is replicated to all existing regions, incurring a cross-region data transfer charge for every region, not just the new region. Another solution would be to create some infrastructure in the source region, pull the image and push to the new registry, which wouldn't require deleting the tag and would cost slightly less as I would only need to pay one cross region data transfer charge.

AWS
asked a year ago | 560 views
1 Answer
Accepted Answer

I have performed some research into your situation and have performed some testing in my personal lab environment. In this case, due to the current limitations of cross region replication, there are 2 options that I could think of. I have listed them below along with my thoughts:

    1. The workaround detailed in the GitHub request you mentioned. This involved creating a temp tag, deleting the original image, using put-image, thus triggering replication, then cleaning up the temp tags from source and destination registries in affected regions. This option is valid and there is no issue with deleting an image tag and then pushing the same tag again. Obviously, there are data transfer charges involved here, as you already mentioned, which cannot be avoided. Also, there will be some downtime as you will be deleting images from the repos and recreating them.
    2. The other option you mentioned is to create the destination registry, then pull down the images from the source registry and then push them into the destination registry. Then enable the additional region replication on the source registry so, moving forward, new images/tags will be replicated automatically. Only one set of data transfer charges would be needed here to push images to the new registry. Also, there would be no downtime on the source registry as no images are being deleted.

I'd recommend the second option since this has less impact on users of the registry and there is less risk of things being deleted accidentally. However, since there is manual manipulation of the images there is still risk something is missed when pushing the images to the new registry in the new region. Creating a script to automate this will help reduce risk.

EXPERT
answered a year ago
EXPERT
reviewed a month ago
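
A check that could follow the manual copy in the second option, as an added example that is not part of the original answer: it compares the JSON output of `aws ecr describe-images` for the same repository in the source region and the new region, and reports tags that were missed or whose manifest digest differs. The repository name, tags and digests below are constructed sample values.

```python
import json

def tag_digests(describe_images_json):
    """Map tag -> manifest digest from `aws ecr describe-images` JSON output."""
    details = json.loads(describe_images_json)["imageDetails"]
    tags = {}
    for image in details:
        # Untagged images carry no "imageTags" key; they cannot be pulled by tag.
        for tag in image.get("imageTags", []):
            tags[tag] = image["imageDigest"]
    return tags

def replication_gaps(source_json, dest_json):
    """Return the tags that still need attention in the new region."""
    src, dst = tag_digests(source_json), tag_digests(dest_json)
    return {
        # Tag exists in the source but was never pushed to the new region.
        "missing": sorted(t for t in src if t not in dst),
        # Same tag, different manifest: the new region serves different content.
        "mismatched": sorted(t for t in src if t in dst and dst[t] != src[t]),
        # Tag exists only in the new region, so it did not come from this source.
        "unexpected": sorted(t for t in dst if t not in src),
    }

# Constructed sample listings (placeholder digests, not real images).
SOURCE = json.dumps({"imageDetails": [
    {"repositoryName": "app", "imageDigest": "sha256:aaa",
     "imageTags": ["1.0", "latest"]},
    {"repositoryName": "app", "imageDigest": "sha256:bbb", "imageTags": ["0.9"]},
    {"repositoryName": "app", "imageDigest": "sha256:ccc"},  # untagged image
]})
DEST = json.dumps({"imageDetails": [
    {"repositoryName": "app", "imageDigest": "sha256:aaa", "imageTags": ["1.0"]},
    {"repositoryName": "app", "imageDigest": "sha256:ddd", "imageTags": ["0.9"]},
]})

if __name__ == "__main__":
    gaps = replication_gaps(SOURCE, DEST)
    print(json.dumps(gaps, indent=2))
    # Non-zero exit lets a pipeline stop before replication is declared complete.
    raise SystemExit(1 if any(gaps.values()) else 0)
```

Running it before enabling the new replication destination gives a per-repository list to fix; an empty result for every repository means each source tag resolves to the same digest in the new region.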
