Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to correctly format a greengrass recipe for using a Private ECR Image - specifying the digest

0

The example greengrass recipe is attached:

{
  "RecipeFormatVersion": "2020-01-25",
  "ComponentName": "com.example.MyPrivateDockerComponent",
  "ComponentVersion": "1.0.0",
  "ComponentDescription": "A component that runs a Docker container from a private Amazon ECR image.",
  "ComponentPublisher": "Amazon",
  "ComponentDependencies": {
    "aws.greengrass.DockerApplicationManager": {
      "VersionRequirement": "~2.0.0"
    },
    "aws.greengrass.TokenExchangeService": {
      "VersionRequirement": "~2.0.0"
    }
  },
  "Manifests": [
    {
      "Platform": {
        "os": "all"
      },
      "Lifecycle": {
        "run": "docker run account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
      },
      "Artifacts": [
        {
          "URI": "docker:account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
        }
      ]
    }
  ]
}

How exactly is the "[:tag|@digest]" formatted?

Do I just include the tag and leave the digest blank and it is implied?

A full example would be helpful.

Topics
Internet of Things (IoT)Containers
Tags
Amazon Elastic Container ServiceAWS IoT Greengrass
Language
English
asked 3 years ago560 views
1 Answer
0
Accepted Answer

Hi Phil. Typically, you use one or the other. Drop the square brackets and the pipe. Some more information here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html

Using the example there, to specify the image with the latest tag: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest. Or to get the tagged version 2016.09: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:2016.09. Or by digest: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux@sha256:f1d4ae3f7261a72e98c6ebefe9985cf10a0ea5bd762585a43e0700ed99863807.

AFAIK, you can also specify both, but if you do, only the digest will be used.

Tags and digests are not special to ECR. Tags are mutable, digests are not. Depending on who is publishing the image, you may prefer to use the digest to ensure you're getting a particular image.

AWS
EXPERT
answered 3 years ago
EXPERT
reviewed 3 years ago
EXPERT
reviewed 3 years ago
  • Phil Begg
    3 years ago

    Thanks Greg - makes complete sense now

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content