Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow pulling images from private Docker registry #71

Merged
merged 3 commits into from Aug 2, 2019

Conversation

@joshmyers
Copy link
Collaborator

joshmyers commented Aug 1, 2019

what

As per the documentation for Fargate using private docker registries[1]
this commit introduces a new variable
repository_credentials_secret_arn used to pass in the AWS Secrets
Manager path to your credentials secret. Note that this also requires
the ECS execution task role to have access to this secret.

[1] https://aws.amazon.com/blogs/compute/introducing-private-registry-authentication-support-for-aws-fargate/

testing

I have tested this with repository_credentials_secret_arn set and unset in my caller module.

NOTE this PR does not change the execution task role to allow permissions for AWS Secrets Manager access and instead leaves up to the caller to ensure this by using the task_execution_role_arn output and attaching a policy outside of this module.

joshmyers added 3 commits Jul 31, 2019
As per the documentation for Fargate using private docker registries[1]
this commit introduces a new variable
`repository_credentials_secret_arn` used to pass in the AWS Secrets
Manager path to your credentials secret. Note that this also requires
the Lambda function execution task role to have access to this secret.

[1] https://aws.amazon.com/blogs/compute/introducing-private-registry-authentication-support-for-aws-fargate/
We need the role name rather than the ARN of the role to attach policies
to it later. Yes we could infer the name from the ARN using split etc
but meh, just output it.
Enable running container definitions with the —init flag to ensure a
proper supervisor runs our command.
Copy link
Collaborator

maartenvanderhoef left a comment

LGTM 👍

@maartenvanderhoef maartenvanderhoef merged commit ba21943 into blinkist:master Aug 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.