
How to pull from AWS ECR docker image anonymously?

I understand we need to log in to ECR to pull a docker image from AWS ECR. How can I make it anonymous? Since we separate code, data and infrastructure (all open source), we do not find a need for the infrastructure part to be private.

I was able to find the way to create a permission with *, but I am not sure how I can make it anonymous so that anyone who wants to download does not need IAM user access.

Below is the policy:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublic",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability"
            ]
        }
    ]
}

Not sure how I can create an anonymous IAM user as well.
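The policy in the question grants the pull actions to any principal rather than to named accounts. The following audit check is an added example, not part of the original post: it flags repository-policy statements of that shape. The function names and the second sample policy (with a placeholder account ID) are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Pull-related actions, taken from the policy in the question.
PULL_ACTIONS = ("ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability")

def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def _is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"

def _grants_pull(action):
    """True if an Action pattern (wildcards allowed) matches a pull action."""
    return any(fnmatchcase(p.lower(), action.lower()) for p in PULL_ACTIONS)

def find_open_pull_statements(policy_text):
    """Return (Sid, actions) for Allow statements that grant pull to every
    principal with no Condition narrowing the grant."""
    findings = []
    statements = _as_list(json.loads(policy_text).get("Statement"))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        granted = sorted(a for a in _as_list(stmt.get("Action")) if _grants_pull(a))
        if granted:
            findings.append((stmt.get("Sid", f"statement[{i}]"), granted))
    return findings

# The repository policy posted in the question.
QUESTION_POLICY = """{"Version": "2008-10-17", "Statement": [{
  "Sid": "AllowPublic", "Effect": "Allow", "Principal": "*", "Action": [
  "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"]}]}"""

# Constructed sample: same service, limited to one account (placeholder ID).
SCOPED_POLICY = """{"Version": "2008-10-17", "Statement": {
  "Sid": "AllowPartner", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "ecr:*"}}"""

if __name__ == "__main__":
    print(find_open_pull_statements(QUESTION_POLICY), find_open_pull_statements(SCOPED_POLICY))
```

Statements that carry a `Condition` are skipped rather than cleared, so they still need a manual look at what the condition actually restricts.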

If you read the FAQ:

Q: Can Amazon ECR host public container images?

Amazon ECR currently supports private images. However, using IAM resource-based permissions, you can configure policies for each repository to allow access to IAM users, roles, or other AWS accounts.

The only workaround I can think of is probably putting up an EC2 machine and then using NGINX to proxy_pass to the ECR URL and using the EC2 IP for the docker repo.

Starting 1 Dec 2020, you can use ECR Public to pull container images anonymously.

Links to How To & Launch Announcement

Anyone who pulls images anonymously gets 500 GB of free data bandwidth each month, after which they can sign up for or sign in to an AWS account. Simply authenticating with an AWS account increases free data bandwidth to 5 TB each month when pulling images from the internet. And finally, workloads running in AWS will get unlimited data bandwidth from any region when pulling from ECR Public.

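Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.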
