Question - Pushing Eramba Enterprise Docker to AWS ECR without AWS CLI access

Question - any ideas for getting the Docker Enterprise Eramba image into AWS when you can’t push into ECR from the AWS CLI?

Hi all,
Our organisation blocks programmatic users within AWS so we can’t use the AWS CLI to push the Docker image into AWS ECR.
We could use EC2 Image Builder or AWS Code Deploy to build an image from docker files+resources or we could pull images down where they are in a public repo or a Code Deploy supported private repo with standard login auth.

However as the Eramba Enterprise image is only available as a built image and that image isn’t publicly available/available via standard repo access I’m a little stuck.

Wondering if anyone had any ideas?

If it helps anyone, I did solve this in the end :slightly_smiling_face:

I created a private registry in Gitlab (so not making Eramba Enterprise image public etc, appreciate Eramba wish to keep that private) and pushed the Eramba enterprise image there from my local machine. I could then securely connect to that registry from AWS ECS (using my Gitlab user api key) and pull the image down for deployment. :+1:

while this is ok to do , so as long is private, this needs to be handled carefully.

it happened in the past a dutch customer did something like this in docker.com but left the image public and the download counter went into the hundreds. solicitors got involved and things got ugly (for the guy that did not really know what was doing while managing registers). so be careful !

Totally understand and appreciate the terms of the software license require us to keep it private. In our case, we have an enterprise Gitlab agreement and any misconfiguration of registries or repo’s would be a security incident - given we host our own in-house source code on there too :slight_smile:

I’m not sure if you would be able to offer a private registry with customer specific access keys? I wouldn’t need to do this workaround then for example.

Could this not be handled, by a registry with a read-only, apikey that is issued to a licensed organization?