Promoting Docker Images to Different AWS Accounts
This procedure describes how to promote Docker images to other AWS (Amazon Web Services) accounts, such as staging and production. Do not build Docker images using staging or production AWS accounts.
See the best practices guides when dealing with multiple AWS accounts. Follow these steps to promote Docker images built in one source AWS account to another destination AWS account.
Build Docker images in the source AWS account.
Run the Jenkins job
AuthorizeAwsAccountToPullEcrImages
in the source AWS account.Set the Jenkins job parameter
AWS_ACCOUNT_ID
to the AWS account ID of the destination AWS account.This will authorize the destination AWS account to pull Docker images from the source AWS account’s ECR (Elastic Contariner Registry).
In the destination AWS account, run the Jenkins job
PullDockerImages
. Set the following Jenkins job parameters:- Set
SOURCE_IMAGE_TAG
to the Docker image tag to pull from the source account - Set
DEST_IMAGE_TAG
to the value the Docker images should be tagged in the destination account - Set
EP_IMAGE_REPOS
to a space-separated list of EP ECR repositories from which to promote images - Set
SOURCE_AWS_ACCOUNT_NUMBER
to the AWS account ID of the source account
Optionally set
SOURCE_AWS_REGION
to the AWS region of the source account if the ECR repositories of the source account are in a different region from the destination accountNote: In order to pull images from all of the repositories specified by
EP_IMAGE_REPOS
, each repository must have an image tagged with value inSOURCE_IMAGE_TAG
- Set
The ECR repositories in the destination AWS account will now have the images from the source account. For more information on viewing ECR repositories, see AWS ECR document.