Hello.
As stated in the documentation below, ECR public repositories do not support VPC endpoints.
So try using pull-through caching rules as described in the documentation.
Creating a pull-through cache rule allows you to copy container images from an ECR public repository to an ECR private repository and then pull images from that private repository.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html
VPC endpoints currently don't support Amazon ECR Public repositories. Consider using a pull through cache rule to host the public image in a private repository in the same Region as the VPC endpoint. For more information, see Sync an upstream registry with an Amazon ECR private registry.
To add to the question, EC2 is created through the CloudFormation template, and the image address has been configured in the CloudFormation template. If there is no way to connect to ECR Public Gallery through VPCE, is there a way to configure the routing table to allow ECR Public Gallery requests to pass through NAT, but only allow access to ECR Public Gallery through NAT, and no other requests?
It might be possible to do this using Network Firewall, but it would be more complicated to set up, so I think it would be better to use ECR's pull-through caching rules.
https://docs.aws.amazon.com/ja_jp/network-firewall/latest/developerguide/arch-igw-ngw.html
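The pull-through cache approach recommended in this thread, as an added example that is not part of the original posts: it creates a rule for the `public.ecr.aws` upstream and rewrites a public image reference into the private-registry URI that the CloudFormation template would then use. The account ID, Region, repository prefix `ecr-public`, sample image and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example. Account ID, Region, prefix and image are constructed placeholders.

# Create the pull-through cache rule in the private registry.
# Args: <repository prefix> <region>. Needs AWS CLI credentials; not called here.
create_rule() {
    aws ecr create-pull-through-cache-rule \
        --ecr-repository-prefix "$1" \
        --upstream-registry-url public.ecr.aws \
        --region "$2"
}

# Map an ECR Public image reference to its pull-through cache URI in the
# private registry. The tag or digest is carried over unchanged.
# Args: <public image ref> <account id> <region> <repository prefix>
to_private_uri() {
    ref=$1
    account=$2
    region=$3
    prefix=$4

    # Refuse anything that is not an ECR Public reference, so that an image
    # from another registry is never silently rewritten.
    case "$ref" in
        public.ecr.aws/?*) path=${ref#public.ecr.aws/} ;;
        *) echo "not an ECR Public reference: $ref" >&2; return 1 ;;
    esac

    # The account ID must be numeric, otherwise the registry host is malformed.
    case "$account" in
        ''|*[!0-9]*) echo "invalid account id: $account" >&2; return 1 ;;
    esac

    printf '%s.dkr.ecr.%s.amazonaws.com/%s/%s\n' \
        "$account" "$region" "$prefix" "$path"
}

# Constructed sample: the value to put in the template in place of the
# public.ecr.aws address.
to_private_uri public.ecr.aws/docker/library/nginx:1.25 \
    111122223333 us-east-1 ecr-public
```
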