Docker image assets deployed to ECR
Project description
AWS CDK Docker Image Assets
---This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
This module allows bundling Docker images as assets.
Images are built from a local Docker context directory (with a Dockerfile
),
uploaded to ECR by the CDK toolkit and/or your app's CI-CD pipeline, and can be
naturally referenced in your CDK app.
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk.aws_ecr_assets import DockerImageAsset
asset = DockerImageAsset(self, "MyBuildImage",
directory=path.join(__dirname, "my-image")
)
The directory my-image
must include a Dockerfile
.
This will instruct the toolkit to build a Docker image from my-image
, push it
to an AWS ECR repository and wire the name of the repository as CloudFormation
parameters to your stack.
Use asset.imageUri
to reference the image (it includes both the ECR image URL
and tag.
You can optionally pass build args to the docker build
command by specifying
the buildArgs
property:
# Example may have issues. See https://github.com/aws/jsii/issues/826
asset = DockerImageAsset(self, "MyBuildImage",
directory=path.join(__dirname, "my-image"),
build_args={
"HTTP_PROXY": "http://10.20.30.2:1234"
}
)
You can optionally pass a target to the docker build
command by specifying
the target
property:
# Example may have issues. See https://github.com/aws/jsii/issues/826
asset = DockerImageAsset(self, "MyBuildImage",
directory=path.join(__dirname, "my-image"),
target="a-target"
)
Pull Permissions
Depending on the consumer of your image asset, you will need to make sure the principal has permissions to pull the image.
In most cases, you should use the asset.repository.grantPull(principal)
method. This will modify the IAM policy of the principal to allow it to
pull images from this repository.
If the pulling principal is not in the same account or is an AWS service that
doesn't assume a role in your account (e.g. AWS CodeBuild), pull permissions
must be granted on the resource policy (and not on the principal's policy).
To do that, you can use asset.repository.addToResourcePolicy(statement)
to
grant the desired principal the following permissions: "ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage" and "ecr:BatchCheckLayerAvailability".
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws-cdk.aws-ecr-assets-1.13.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 63be1efc7db6b8b6786e4c4bc1a4edc3bf14f3a0ce77185ce33885a5bdaa522b |
|
MD5 | da006fabb74ae358f6d27e4dc761ccfc |
|
BLAKE2b-256 | 42c092152c0c7b8a03eeae01ab622f581234487704531958a72eabb2bb26db2b |
Hashes for aws_cdk.aws_ecr_assets-1.13.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c4c8b8c994eaefb52e7e0acfffaf235e46dd69fe243da01053a7d0eaebeefb18 |
|
MD5 | c6d4c2b46c7adf571e1a110ca43f4af9 |
|
BLAKE2b-256 | aa58860c7e670d8dd180de426c8141fe735cba1bd109a197d545dd36bed0c45b |