Skip to main content

Private Container Registries

Shipyard supports pulling images from private registries including AWS/ECR, Docker Hub, GCP/GCR, Quay, GitHub Packages, and JFrog Artifactory.

Organization Settings

To access your Organization Settings page, click on Settings at the top of your main dashboard:

Access Shipyard org settings page

You can add credentials from the Private Docker Registries section on your Org Settings page.

Add an external container registry from the Shipyard Org Settings page


When adding registry credentials, select the ECR option.

  • Host: [your ECR host]
  • Access Key: [your AWS access key]
  • Secret Key: [your AWS secret key]
  • Region: [the ECR region, like us-east-1]

The AWS user needs read access to ECR via IAM.

Here's a read-only policy straight from the AWS docs which would grant AWS ECR access to a Shipyard user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetRepositoryPolicy",
                "ecr:DescribeRepositories",
                "ecr:ListImages",
                "ecr:DescribeImages",
                "ecr:BatchGetImage",
                "ecr:GetLifecyclePolicy",
                "ecr:GetLifecyclePolicyPreview",
                "ecr:ListTagsForResource",
                "ecr:DescribeImageScanFindings"
            ],
            "Resource": "*"
        }
    ]
}