Amazon Elastic Container Registry (ECR)
Storing container images in Amazon ECR.
The AWS container registry is a container registry flavor provided with the ZenML aws
integration and uses Amazon ECR to store container images.
When to use it
You should use the AWS container registry if:
one or more components of your stack need to pull or push container images.
you have access to AWS ECR. If you're not using AWS, take a look at the other container registry flavors.
How to deploy it
Would you like to skip ahead and deploy a full ZenML cloud stack already, including an AWS ECR container registry? Check out the in-browser stack deployment wizard, the stack registration wizard, or the ZenML AWS Terraform module for a shortcut on how to deploy & register this stack component.
The ECR registry is automatically activated once you create an AWS account. However, you'll need to create a Repository
in order to push container images to it:
Go to the ECR website.
Make sure the correct region is selected on the top right.
Click on
Create repository
.Create a private repository. The name of the repository depends on the orchestrator or step operator you're using in your stack.
URI format
The AWS container registry URI should have the following format:
To figure out the URI for your registry:
Go to the AWS console and click on your user account in the top right to see the
Account ID
.Go here and choose the region in which you would like to store your container images. Make sure to choose a nearby region for faster access.
Once you have both these values, fill in the values in this template
<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com
to get your container registry URI.
How to use it
To use the AWS container registry, we need:
The ZenML
aws
integration installed. If you haven't done so, runDocker installed and running.
The registry URI. Check out the previous section on the URI format and how to get the URI for your registry.
We can then register the container registry and use it in our active stack:
You also need to set up authentication required to log in to the container registry.
Authentication Methods
Integrating and using an AWS Container Registry in your pipelines is not possible without employing some form of authentication. If you're looking for a quick way to get started locally, you can use the Local Authentication method. However, the recommended way to authenticate to the AWS cloud platform is through an AWS Service Connector. This is particularly useful if you are configuring ZenML stacks that combine the AWS Container Registry with other remote stack components also running in AWS.
This method uses the Docker client authentication available in the environment where the ZenML code is running. On your local machine, this is the quickest way to configure an AWS Container Registry. You don't need to supply credentials explicitly when you register the AWS Container Registry, as it leverages the local credentials and configuration that the AWS CLI and Docker client store on your local machine. However, you will need to install and set up the AWS CLI on your machine as a prerequisite, as covered in the AWS CLI documentation, before you register the AWS Container Registry.
With the AWS CLI installed and set up with credentials, we'll need to log in to the container registry so Docker can pull and push images:
Stacks using the AWS Container Registry set up with local authentication are not portable across environments. To make ZenML pipelines fully portable, it is recommended to use an AWS Service Connector to link your AWS Container Registry to the remote ECR registry.
For more information and a full list of configurable attributes of the AWS container registry, check out the SDK Docs.
Last updated