This procedure describes how to promote Docker images to other AWS (Amazon Web Services) accounts, such as staging and production. Do not build Docker images using staging or production AWS accounts.
See the best practices guides when dealing with multiple AWS accounts. Follow these steps to promote Docker images built in one source AWS account to another destination AWS account.
Build Docker images in the source AWS account.
Run the Jenkins job
AuthorizeAwsAccountToPullEcrImagesin the source AWS account.
Set the Jenkins job parameter
AWS_ACCOUNT_IDto the AWS account ID of the destination AWS account.
This will authorize the destination AWS account to pull Docker images from the source AWS account’s ECR (Elastic Contariner Registry).
In the destination AWS account, run the Jenkins job
PullDockerImages. Set the following Jenkins job parameters:
SOURCE_IMAGE_TAGto the Docker image tag to pull from the source account
DEST_IMAGE_TAGto the value the Docker images should be tagged in the destination account
EP_IMAGE_REPOSto a space-separated list of EP ECR repositories from which to promote images
SOURCE_AWS_ACCOUNT_NUMBERto the AWS account ID of the source account
SOURCE_AWS_REGIONto the AWS region of the source account if the ECR repositories of the source account are in a different region from the destination account
Note: In order to pull images from all of the repositories specified by
EP_IMAGE_REPOS, each repository must have an image tagged with value in
The ECR repositories in the destination AWS account will now have the images from the source account. For more information on viewing ECR repositories, see AWS ECR document.