To configure ECR first select Amazon ECR from the new registry drop down
and then provide the following
- Registry Name - A unique name for this configuration
- Access Key ID - AWS accessKeyId
- Secret Access Key - AWS accessKeyId
- Region - AWS region
Codefresh makes sure to automatically refresh the AWS token for you.
Where are my keys?
In case you don't know where to get this data from please follow this [link]http://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys)
You need to have an active registry all set up in AWS.
Amazon ECR Push/Pull operations can be provide by two permission options: user-based and resource-based.
User-based permissions: User account need to apply AmazonEC2ContainerRegistryPowerUser policy (or custom based on that policy).
More information and examples can be found here (http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html)
For resource-based users require permissions to call ecr:GetAuthorizationToken before they can authenticate to a registry and push or pull any images from any Amazon ECR repository, than you need provide push/pull permissions to specific registry. More information and examples can be found here (http://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicies.html)
You can configure your Codefresh.yaml file directly by first providing
the following in the Environment Variables section of the Pipelines view
- AWS_REGISTRY - the registry url (including the repository name)
- AWS_ACCESS_KEY - your access key id
- AWS_SECRET_KEY - your secret key
- AWS_REGION - the region of your registry
and then you can reference those variables in your file like so
push_to_aws_ecr typepush descriptionFree text description candidate$ build_step tag$ CF_BRANCH provider'ecr' registry$ AWS_REGISTRY accessKeyId$ AWS_ACCESS_KEY secretAccessKey$ AWS_SECRET_KEY region$ AWS_REGION