By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to correctly format a greengrass recipe for using a Private ECR Image - specifying the digest

0

The example greengrass recipe is attached:

{
  "RecipeFormatVersion": "2020-01-25",
  "ComponentName": "com.example.MyPrivateDockerComponent",
  "ComponentVersion": "1.0.0",
  "ComponentDescription": "A component that runs a Docker container from a private Amazon ECR image.",
  "ComponentPublisher": "Amazon",
  "ComponentDependencies": {
    "aws.greengrass.DockerApplicationManager": {
      "VersionRequirement": "~2.0.0"
    },
    "aws.greengrass.TokenExchangeService": {
      "VersionRequirement": "~2.0.0"
    }
  },
  "Manifests": [
    {
      "Platform": {
        "os": "all"
      },
      "Lifecycle": {
        "run": "docker run account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
      },
      "Artifacts": [
        {
          "URI": "docker:account-id.dkr.ecr.region.amazonaws.com/repository[:tag|@digest]"
        }
      ]
    }
  ]
}

How exactly is the "[:tag|@digest]" formatted?

Do I just include the tag and leave the digest blank and it is implied?

A full example would be helpful.

Topics
Internet of Things (IoT)Containers
Tags
AWS IoT GreengrassAmazon Elastic Container Service
Language
English
Phil Begg
asked 10 months ago301 views
1 Answer
0
Accepted Answer

Hi Phil. Typically, you use one or the other. Drop the square brackets and the pipe. Some more information here: https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html

Using the example there, to specify the image with the latest tag: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest. Or to get the tagged version 2016.09: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:2016.09. Or by digest: aws_account_id.dkr.ecr.us-west-2.amazonaws.com/amazonlinux@sha256:f1d4ae3f7261a72e98c6ebefe9985cf10a0ea5bd762585a43e0700ed99863807.

AFAIK, you can also specify both, but if you do, only the digest will be used.

Tags and digests are not special to ECR. Tags are mutable, digests are not. Depending on who is publishing the image, you may prefer to use the digest to ensure you're getting a particular image.

profile pictureAWS
EXPERT
Greg_B
answered 10 months ago
profile picture
EXPERT
Sedat Salman
reviewed 10 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 10 months ago
  • Phil Begg
    10 months ago

    Thanks Greg - makes complete sense now

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content