I've two accounts: Account A and Account B. I would like to run an image from ECR at Account A on EKS on Account B.
I'm a bit confused on how to give the EKS the permissions. At first I thought of creating a docker-registry in the EKS with User role. But, as I read more I understood that it's not the way.
Has anyone tried it before?
You can use your Amazon ECR images with Amazon EKS, but you need to satisfy the following prerequisites. For Amazon EKS workloads hosted on managed or self-managed nodes, the Amazon EKS worker node IAM role (NodeInstanceRole) is required.
To get started you simply enable replication, choose the destination accounts and regions you want ECR to copy images to. After this, every time you push an image to the private repository, ECR automatically replicates the image.
First, your EKS needs to have IAM permissions to do these operations as if they were performed against ECR in the same account.
Second, you need to allow the other account to access the ECR repository. You can do this by logging into the management console of the account that hosts the ECR. Go to ECR -> click on the repository that you want to make accessible by the other account -> on the left panel, click on permissions -> click edit -> click add statement -> fill in the "AWS account IDs - optional" field with the account number of your second account, leave the rest untouched -> click save
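The repository permission described in the answer above can also be written as a policy document and checked before it is applied. This is an added example, not code from the original answers: it builds a statement for one account limited to the ECR pull actions (that narrowing is this example's choice) and audits a policy for broader grants. The account IDs, the `Sid` and the function names are constructed for illustration.

```python
import json
import re

# Read-only ECR actions needed to pull an image layer by layer.
PULL_ACTIONS = {
    "ecr:BatchCheckLayerAvailability",
    "ecr:BatchGetImage",
    "ecr:GetDownloadUrlForLayer",
}

def build_pull_policy(account_id):
    """Repository policy letting one other account pull, nothing else."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCrossAccountPull",  # constructed label
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": sorted(PULL_ACTIONS),
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, allowed_accounts):
    """Return findings for Allow statements broader than cross-account pull."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        principals = ([principal] if isinstance(principal, str)
                      else _as_list(principal.get("AWS", [])))
        for p in principals:
            match = re.search(r"\d{12}", p)
            if p == "*":
                findings.append(f"{sid}: principal is '*' (any AWS account)")
            elif not match or match.group() not in allowed_accounts:
                findings.append(f"{sid}: unexpected principal {p}")
        for action in _as_list(stmt.get("Action", [])):
            if action not in PULL_ACTIONS:
                findings.append(f"{sid}: non-pull action {action}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_pull_policy("111122223333"), indent=2))
```

The node role in the EKS account additionally needs `ecr:GetAuthorizationToken` in its own IAM policy to log in to the registry; that permission is not part of the repository policy.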