I have two accounts: Account A and Account B. In Account A, I have a policy so that a user from Account B can interact with Account A. I have a repository in both accounts. Account B doesn't have a policy set (not sure if I need a policy for Account A to interact with it).
My question is: how do I push ECR images from Account A into Account B? I would like a copy of the Account A image in Account B. Is this possible?
To push a Docker image to an Amazon ECR repository: Authenticate your Docker client to the Amazon ECR registry to which you intend to push your image. Authentication tokens must be obtained for each registry used, and the tokens are valid for 12 hours. For more information, see Private registry authentication.
In order to transfer a Docker image from one server to another, what you need to do is first export the image to a file, then copy that file over from your current server to the new one using scp or rsync and finally load the image to your new server.
This is not a currently supported feature of ECR, so you would need to perform the following steps to migrate from one account to another:
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
- Run this for the source account
docker pull $SOURCE_IMAGE:$VERSION
- Pull the latest tag down to your local
docker tag $SOURCE_IMAGE:$VERSION $TARGET_IMAGE:$VERSION
- Tag a new image based on the original source image
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
- Run this for the target account
docker push $TARGET_IMAGE:$VERSION
- Push the docker image up to the target ECR account.
If you want to move all repositories from a particular region to another account (destination account), then use the script below.
#!/bin/bash
TARGET_ACCOUNT_REGION="us-west-2"
DESTINATION_ACCOUNT_REGION="us-west-2"
# No trailing slash here: the repository name is appended with "/" below
DESTINATION_ACCOUNT_BASE_PATH="123456.dkr.ecr.$DESTINATION_ACCOUNT_REGION.amazonaws.com"
REPO_LIST=($(aws ecr describe-repositories --query 'repositories[].repositoryUri' --output text --region $TARGET_ACCOUNT_REGION))
REPO_NAME=($(aws ecr describe-repositories --query 'repositories[].repositoryName' --output text --region $TARGET_ACCOUNT_REGION))
for repo_url in "${!REPO_LIST[@]}"; do
  echo "start pulling image ${REPO_LIST[$repo_url]} from Target account"
  # No tag is given, so Docker pulls only the "latest" tag of each repository
  docker pull "${REPO_LIST[$repo_url]}"
  # Create repo in destination account, remove this line if already created
  aws ecr create-repository --repository-name "${REPO_NAME[$repo_url]}" --region "$DESTINATION_ACCOUNT_REGION" --profile destination_account
  docker tag "${REPO_LIST[$repo_url]}" "$DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}"
  docker push "$DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}"
done
Make sure you have already obtained a login token for both accounts, or add these commands in the script.
aws ecr get-login-password --region $TARGET_ACCOUNT_REGION | docker login --username AWS --password-stdin ${REPO_LIST[$repo_url]}
# destination account login, make sure the profile is set for the destination account
aws ecr get-login-password --region $DESTINATION_ACCOUNT_REGION --profile destination_account | docker login --username AWS --password-stdin $DESTINATION_ACCOUNT_BASE_PATH
aws-cli-cheatsheet
Or you can use one of them
Amazon ECR uses registry settings to configure features at the registry level. The private registry settings are configured separately for each Region. Currently, the only registry setting is the replication setting, which is used to configure cross-Region and cross-account replication of the images in your repositories.
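The replication setting described above needs two documents: a replication rule on the source registry and a registry permissions policy on the destination registry that lets the source account replicate into it. The script below is an added example, not part of the original answers; the account IDs, regions and the source_account profile are constructed, and destination_account is the profile name used in the login command above.

```shell
#!/bin/bash
# Added example, not from the original answers. Account IDs, regions and the
# source_account profile are constructed placeholders.
SRC_ACCOUNT="111111111111"; SRC_REGION="us-west-2"   # Account A (constructed)
DST_ACCOUNT="222222222222"; DST_REGION="us-west-2"   # Account B (constructed)

# AWS account IDs are exactly 12 digits; reject anything else before it
# ends up inside a policy document.
valid_account() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

# Replication rule for the SOURCE registry: where new pushes are copied to.
replication_config() {   # args: dst_account dst_region
  valid_account "$1" || { echo "bad account id: $1" >&2; return 1; }
  printf '{"rules":[{"destinations":[{"region":"%s","registryId":"%s"}]}]}\n' "$2" "$1"
}

# Registry permissions policy for the DESTINATION registry: grants the source
# account the two replication actions and nothing else.
registry_policy() {      # args: src_account dst_account dst_region
  valid_account "$1" && valid_account "$2" || { echo "bad account id" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowReplicationFromSourceAccount",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::$1:root"},
    "Action": ["ecr:CreateRepository", "ecr:ReplicateImage"],
    "Resource": "arn:aws:ecr:$3:$2:repository/*"
  }]
}
EOF
}

apply_replication() {
  aws ecr put-registry-policy --profile destination_account --region "$DST_REGION" \
    --policy-text "$(registry_policy "$SRC_ACCOUNT" "$DST_ACCOUNT" "$DST_REGION")" &&
  aws ecr put-replication-configuration --profile source_account --region "$SRC_REGION" \
    --replication-configuration "$(replication_config "$DST_ACCOUNT" "$DST_REGION")"
}

# "apply" calls AWS; any other invocation only prints the documents for review.
if [ "${1:-}" = "apply" ]; then
  apply_replication
else
  registry_policy "$SRC_ACCOUNT" "$DST_ACCOUNT" "$DST_REGION"
  replication_config "$DST_ACCOUNT" "$DST_REGION"
fi
```

Replication copies only images pushed after the rule is in place; images already in Account A still need the pull, tag and push steps shown earlier.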