This article will show you how to add your private ECR to Coder. If you're using a public ECR registry, you do not need to follow the steps below.
Amazon requires users to request temporary login credentials to access a private Elastic Container Registry (ECR) registry. When interacting with ECR, Coder will request temporary credentials from the registry using the AWS credentials linked to the registry.
Step 1: Setting up your AWS credentials
To access a private ECR registry, Coder needs AWS credentials (specifically your access key ID and secret access key) with authorization to access the provided registry. You can either use AWS credentials tied to your own AWS account or credentials tied to an IAM user specifically for Coder (we recommend the latter option).
Note that you are not limited to providing one single set of AWS credentials. For example, you can use a set of credentials with access to all of your ECR repositories, or you can use individual sets of credentials, each with access to a single repository.
To provision AWS credentials for Coder:
-
Optional: Create an IAM user for Coder to access ECR. You can either attach the AWS-managed policy
AmazonEC2ContainerRegistryReadOnly
to the user, or you can create your own. -
Create an access key for the IAM user to be used with Coder (if one does not already exist).
Step 2: Add your private ECR registry to Coder
You can add your private ECR registry at the same time that you add your images. To import an image:
-
In Coder, go to Images and click on Import Image in the upper-right.
-
In the dialog that opens, you'll be prompted to pick a registry. However, to add a registry, click Add a new registry located immediately below the registry selector.
-
Provide a registry name and the registry.
-
Set the registry kind to ECR and provide your Access Key ID and Secret Access Key.
-
Continue with the process of adding your image.
-
When done, click Import.