Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Fetching Concourse Docker resources from ECR

Tags:

concourse

I'm trying to use a Docker resource that is stored in an AWS EC2 Container service repository (ECR). Config looks like:

- name: my-docker-resource
  type: docker-image
  source:
    repository: account-id.dkr.ecr.eu-west-1.amazonaws.com/my-repo
    tag: d196e5688d
    aws_access_key_id: ((docker-aws-access-key-id))
    aws_secrey_access_key: ((docker-aws-secret-access-key))

When I run a pipeline that does get on this resource, I see "no versions available".

I tried to verify that the credentials I'm using is allowed to access the repo:

$(aws ecr get-login --no-include-email --profile concourse)
You must specify a region. You can also configure your region by running "aws configure".

So question 1: How do I tell the resource which region to use? Does it guess from the repo URL? Providing the region seems to indicate credentials have enough privileges:

$(aws ecr get-login --no-include-email --profile concourse --region eu-west-1)
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

I then try to pull the repo. Works on my machine (tm). Pipeline still says "no versions available".

I read somewhere that custom repos need to explicitly state the port, so I also tried account-id.dkr.ecr.eu-west-1.amazonaws.com:5000, but to no avail. Using that in the tag also does not work at all locally.

Any pointers?

like image 495
Christian Johansen Avatar asked Jun 07 '26 15:06

Christian Johansen

1 Answers

Two things pop out:

  • The concourse docker image resource has been through many changes, with some versions not working with ECR. The version of docker-image bundled with your concourse may be out of date. You can reference the latest version by declaring a custom resource type:

resource_types:
  # Override the built-in docker-image to get a recent version
  - name: latest-docker-image
    type: docker-image
    source:
      repository: concourse/docker-image-resource
      tag: latest
resources:
  - name: my-docker-resource
    type: latest-docker-image
  • The port is required, and it's usually 443. Try: 

- name: my-docker-resource
  type: docker-image
  source:
    repository: account-id.dkr.ecr.eu-west-1.amazonaws.com:443/my-repo
    tag: d196e5688d
    aws_access_key_id: ((docker-aws-access-key-id))
    aws_secrey_access_key: ((docker-aws-secret-access-key))
like image 155
phillbaker Avatar answered Jun 10 '26 09:06

phillbaker
Sign in to Comment

Related questions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!