ECR External Feed in another AWS account

Hello, is there a way to have Octopus use a External ECR feed for Docker images from a different AWS account than the server is deployed?

I have Octopus in AWS Account A
ECR is in AWS Account K

Octopus is only showing repo’s from Account A, I want account K

Hey @DIST_Technology_Dev_Systems , thanks for reaching out!

Based on how the ECR feed type is documented, I’d expect that as long as you’re using credentials (Access Key, Secret Key, and region) for a user that has access to the ECR feed in AWS Account K, you should be able to query and pull those packages.

Can you confirm if you’ve tried this approach already?

Yes, this has been tried, but we can only see the repo’s in the same AWS account as where Octopus is installed. Is there a way to Search other AWS Accounts in the Test → Search area?

I don’t know that there’s another way to test the search within the Octopus UI, but I’m doing some digging on my side to confirm.

I’m about to be off for the remainder of today, but I’m going to look over these couple of AWS posts to see what I can map out in Octopus tomorrow to reproduce your scenario:

Hoping to have more information to share tomorrow!

Hey @DIST_Technology_Dev_Systems , sorry for the wait.

After looking through the documentation, I believe the two links above are currently the only way to have shared access to an AWS ECR repository.

The resources I’m finding all point back to the two links I initially shared, requiring the 12 hour Docker authorization token (similar to the documented approach for older Octopus versions using ECR).

I found a pretty good guide to how the architecture can be modeled here. If you have any additional questions around the Octopus approach to adding these feeds, I’m happy to help however I can! Sorry there’s not a better story on the cross-account access piece, IAM always gets a little tricky.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.