Introduction
Architecture
Onboard
Introduction
Teams
Users
Introduction
IntroductionPromote an image in Amazon ECRDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryStore an object on Amazon S3Retrieve an object from Amazon S3
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Argo WorkflowsCopy a remote image with CraneDeploy a binary with EC2Deploy to ECSRender an ECS task definitionBuild a container image with KanikoDeploy with OctopusDeploy with SpinnakerRun Ansible Playbook
Publish evidence items
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionMendSnyk
IntroductionTruffleHog ContainerTruffleHog CodeTruffleHog S3
Publish test results
CI insights for Jenkins

CloudBees action: Configure Amazon ECR credentials

2 minute read

Use this action to configure Amazon Elastic Container Registry (ECR) credentials for use in CloudBees workflows.

This action logs in a local container configuration file to one or more ECR private registries, or to an ECR public registry.

Prerequisites

Make sure to add the following to your YAML file:

      - name: Check out repo
        uses: actions/checkout@v1

      - name: Configure AWS credentials
        uses: cloudbees-io/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role
          aws-region: aws-region-1

Refer to CloudBees action: Configure AWS credentials for more information.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

registries

String

No

The registry ID.

Usage examples

Log in to ECR, build and push a container image

Log in to an ECR private registry, then build, tag, and push a container image to it.

In your YAML file, add:

      - name: Log in to ECR
        id: login-ecr
        uses: cloudbees-io/configure-ecr-credentials@v1

      - name: Build, tag, and push a container image to ECR
        uses: cloudbees-io/kaniko@v1
        with:
          destination: 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-ecr-repo:latest

For more information, refer to CloudBees action: Build and publish Docker images with Kaniko.

Log in to ECR, package and push a Helm chart

Log in to an ECR private registry, and then package and push a Helm chart to it.

In your YAML file, add:

      - name: Log in to ECR
        id: login-ecr
        uses: cloudbees-io/configure-ecr-credentials@v1

      - name: Package and push helm chart to ECR
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: my-ecr-repo
        uses: docker://alpine/helm:latest
        run: |
          helm package my-ecr-repo
          helm push my-ecr-repo-0.1.0.tgz oci://123456789012.dkr.ecr.us-east-1.amazonaws.com
(for Kaniko users) Helm and Kaniko use the same credential store, so you can use the same credentials for both.

Log in to ECR on multiple AWS accounts

Add the AWS credentials configuration action, and then provide cross-account access.

In your YAML file, add:

      - name: Configure AWS credentials
        uses: cloudbees-io/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role
          aws-region: aws-region-1

      - name: Log in to ECR
        id: login-ecr
        uses: cloudbees-io/configure-ecr-credentials@v1
        with:
          registries: "123456789012,998877665544"

For more information, refer to CloudBees action: Configure AWS credentials.

The repository on account 998877665544 must explicitly grant access to the arn:aws:iam::123456789012:role/my-github-actions-role role for cross-account access to work.

Refer to AWS documentation on allowing secondary account access for how to correctly configure ECR policies.
AWS credentials
EKS credentials