How to correctly format a greengrass recipe for using a Private ECR Image - specifying the digest

Question

The example greengrass recipe is attached:

```
{
  "RecipeFormatVersion": "2020-01-25",
  "ComponentName": "com.example.MyPrivateDockerComponent",
  "ComponentVersion": "1.0.0",
  "ComponentDescription": "A component that runs a Docker container from a private Amazon ECR image.",
  "ComponentPublisher": "Amazon",
  "ComponentDependencies": {
    "aws.greengrass.DockerApplicationManager": {
      "VersionRequirement": "~2.0.0"
    },
    "aws.greengrass.TokenExchangeService": {
      "VersionRequirement": "~2.0.0"
    }
  },
  "Manifests": [
    {
      "Platform": {
        "os": "all"
      },
      "Lifecycle": {
        "run": "docker run account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
      },
      "Artifacts": [
        {
          "URI": "docker:account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
        }
      ]
    }
  ]
}
```

How exactly is the "[:tag|@digest]" formatted?

Do I just include the tag and leave the digest blank and it is implied?

A full example would be helpful.

Accepted Answer

Hi Phil. Typically, you use one or the other. Drop the square brackets and the pipe. Some more information here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html

Using the example there, to specify the image with the latest tag: `aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`. Or to get the tagged version 2016.09: `aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:2016.09`. Or by digest: `aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux@sha256:f1d4ae3f7261a72e98c6ebefe9985cf10a0ea5bd762585a43e0700ed99863807`.

AFAIK, you can also specify both, but if you do, only the digest will be used.

Tags and digests are not special to ECR. Tags are mutable, digests are not. Depending on who is publishing the image, you may prefer to use the digest to ensure you're getting a particular image.

How to correctly format a greengrass recipe for using a Private ECR Image - specifying the digest

관련 콘텐츠