docs: Add tutorial for using private AWS ECR images#639
Conversation
Documents cross-account IAM delegation that allows Runpod to pull images from private AWS ECR repositories without managing credentials directly.
![promptless[bot]](https://avatars.githubusercontent.com/in/979718?s=60&v=4){kind=small}
| ], | ||
| "Condition": { | ||
| "StringEquals": { | ||
| "aws:PrincipalArn": "arn:aws:iam::418399314813:role/prod-us-east-1-deployment-role" |
There was a problem hiding this comment.
IAM policy details including the aws:PrincipalArn condition for Runpod's deployment role (418399314813) and the required ECR permissions (ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability, ecr:GetDownloadUrlForLayer, ecr:BatchGetImage) were provided in engineering comments by page.kelly@runpod.io on this Linear issue.
Source: https://linear.app/runpod/issue/CE-1305/tutorial-or-documentation-for-ecr-delegation
There was a problem hiding this comment.
Note: I wrote this example with the wrong AWS account number, the prod account is 550005742258 and this should be reflected in the tutorial. Other than that this is all correct
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
| ], | ||
| "Condition": { | ||
| "StringEquals": { | ||
| "aws:PrincipalArn": "arn:aws:iam::418399314813:role/prod-us-east-1-deployment-role" |
There was a problem hiding this comment.
Note: I wrote this example with the wrong AWS account number, the prod account is 550005742258 and this should be reflected in the tutorial. Other than that this is all correct
| ], | ||
| "Condition": { | ||
| "StringEquals": { | ||
| "aws:PrincipalArn": "arn:aws:iam::418399314813:role/prod-us-east-1-deployment-role" |
There was a problem hiding this comment.
Same note here, revise prod AWS account number to 550005742258
| 2. Scroll down to **Container Registry Authentication** and click **Add Credential**. | ||
| 3. Select **AWS ECR** as the registry type. | ||
| 4. Enter a **Name** for this credential (for example, `my-ecr-repo`). | ||
| 5. Enter the **ECR Image URI** in the format `ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY_NAME`. |
There was a problem hiding this comment.
This format is mostly correct, but the URI format for the image name will include both the repository name and a tag, separated by a colon ( e.g. repository:latest )
It's worth noting that the ECR page for a repository has a button for copying the URI directly, which will follow this format
|
|
||
| 1. Navigate to [Pods](https://www.runpod.io/console/pods) and select **Deploy**. | ||
| 2. Choose your GPU configuration. | ||
| 3. Under **Container Image**, enter your full ECR image URI (for example, `123456789012.dkr.ecr.us-east-2.amazonaws.com/my-app:latest`). |
There was a problem hiding this comment.
For example, this image URI is correctly formatted
|
Just a reminder: If you'd like me to act on any feedback you have via Github comments, just type @Promptless in your suggestion and I'll get right on it! (I won't show up in the user dropdown, but I'll process any request that has @Promptless in the comment body.) |
1 participant
Open this suggestion in Promptless to view citations and reasoning process
Documents how to deploy Pods using container images from private AWS ECR repositories via cross-account IAM delegation. Covers configuring ECR repository policies, adding ECR credentials in Runpod, and deploying Pods with private images.
Trigger Events
Tip: Worried about broken links? Ask Promptless to find and fix them automatically 🔗