
I need to connect EC2 instances in one region with ECR repositories in another region using IAM policies.

I tried using the AmazonEC2ContainerRegistryFullAccess policy, but this only allows you to connect the EC2 instances with the ECR of the same region.

I expect to be able to download docker containers with kubectl without using a docker login, as happens in the same region.

matt
  • These links might help you to start: [example from aws docs](https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html#IAM_allow_other_accounts), [fargate example from SO](https://stackoverflow.com/a/52934781/842075). Basically you need to set up policies in both accounts. – Molecular Man Apr 30 '19 at 09:49
  • Thanks for the comment, but I need a cross-region policy, not a cross-account policy. Is there any way to modify the latter for this purpose? – matt Apr 30 '19 at 09:59
  • Apparently it's not supported: https://aws.amazon.com/ecr/faqs/ `Q: Does Amazon ECR replicate images across regions? No. Amazon ECR is designed to give you flexibility in where you store and how you deploy your images. You can create deployment pipelines that build images, push them to Amazon ECR in selected regions, and then deploy the images to your Docker cluster.` Is pushing to two regions an option? – Molecular Man Apr 30 '19 at 10:08
  • Thank you very much, I will find another way. – matt Apr 30 '19 at 10:38

0 Answers