I have the following to build a Docker image in a CDK run:
const uploadImageAsset = new DockerImageAsset(this, 'UploaderImage', {
  directory: '../docker',
  platform: Platform.LINUX_AMD64,
  file: 'Dockerfile',
});
The issue is that my FROM in the Dockerfile is in a different account. The other account's ECR permissions give permissions for the account to pull. I just can't run the proper auth to get it to build.
FROM 11112222233334444.dkr.ecr.us-west-2.amazonaws.com/app:base-2021
The error I'm getting is:
#3 [internal] load metadata for 11112222233334444.dkr.ecr.us-west-2.amazonaws.com/app:base-2021
#3 ERROR: pulling from host 11112222233334444.dkr.ecr.us-west-2.amazonaws.com failed with status code [manifests base-2021]: 401 Unauthorized
2 Answers
The issue may lie with IAM permissions. Can you share what actions you have currently?
Check the IAM permissions: does the policy grant the ecr:GetAuthorizationToken and ecr:BatchGetImage actions for the specific repository?
Cross-account access: creating a cross-account resource policy may help if you don't have it already. https://aws.amazon.com/blogs/compute/introducing-cross-account-amazon-ecr-access-for-aws-lambda/
You haven't exactly left a lot of information. But like Sachin Gupta already mentioned, check the IAM permissions; the policy related to the user you use must grant the actions for the specific repository.
As I interpret it, you already granted the resource policy.
Let us know what the problem was.
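Added example, not part of the question or of either answer: a simplified check of the two policies the answers mention (the identity policy in the pulling account and the repository policy in the owning account) against the actions an ECR pull needs. The account IDs, repository ARN and policies are constructed placeholders, and `missingForPull` is a hypothetical helper that ignores Deny statements and conditions.

```typescript
// Added example. Account IDs, ARN and policies are constructed placeholders.
// Simplified evaluator: ignores Deny statements, Condition blocks and NotAction.
type Stmt = {
  Effect: string; Action: string | string[]; Resource?: string | string[];
  Principal?: "*" | { AWS?: string | string[] };
};
type Policy = { Statement: Stmt[] };

const TOKEN = "ecr:GetAuthorizationToken"; // account-level: Resource must be "*"
const PULL = ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", "ecr:BatchCheckLayerAvailability"];
const list = (v?: string | string[]): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM wildcard match: "*" is any run of characters, "?" is a single character.
function glob(pattern: string, value: string, flags = ""): boolean {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + body + "$", flags).test(value);
}

// True when the statement's principal is "*", the bare account ID, or an ARN in that account.
function namesAccount(p: Stmt["Principal"], account: string): boolean {
  if (p === "*") return true;
  return list(p?.AWS).some(a => a === account || a.startsWith(`arn:aws:iam::${account}:`));
}

// Lists what is still missing for `account` to pull from `repoArn`. A cross-account
// pull needs BOTH sides to allow it: identity policy and repository policy.
function missingForPull(identity: Policy, repo: Policy, repoArn: string, account: string): string[] {
  const idAllows = (action: string, res: string) => identity.Statement.some(s =>
    s.Effect === "Allow" && list(s.Action).some(a => glob(a, action, "i")) &&
    list(s.Resource).some(r => glob(r, res)));
  const repoAllows = (action: string) => repo.Statement.some(s =>
    s.Effect === "Allow" && namesAccount(s.Principal, account) &&
    list(s.Action).some(a => glob(a, action, "i")));
  const gaps: string[] = [];
  if (!idAllows(TOKEN, "*")) gaps.push(`identity: ${TOKEN} on "*"`);
  for (const a of PULL) {
    if (!idAllows(a, repoArn)) gaps.push(`identity: ${a}`);
    if (!repoAllows(a)) gaps.push(`repository: ${a}`);
  }
  return gaps;
}

const REPO_ARN = "arn:aws:ecr:us-west-2:111111111111:repository/app";
// Constructed identity policy: token scoped to the repository, two layer actions absent.
const identityPolicy: Policy = { Statement: [
  { Effect: "Allow", Action: [TOKEN, "ecr:BatchGetImage"], Resource: REPO_ARN }] };
const repoPolicy: Policy = { Statement: [
  { Effect: "Allow", Principal: { AWS: "arn:aws:iam::222222222222:root" }, Action: PULL }] };
console.log(missingForPull(identityPolicy, repoPolicy, REPO_ARN, "222222222222"));
```

The constructed identity policy names both actions from the first answer yet still reports three gaps, because `ecr:GetAuthorizationToken` cannot be scoped to a repository ARN and the two layer actions are absent.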