Skip to main content

Private Container Registries

Shipyard supports pulling images from private registries including AWS/ECR, Docker Hub, GCP/GCR, and Quay.

You can add credentials by navigating to your Org Settings page.



When adding registry credentials, select the ECR option.

  • Host: [your ECR host]
  • Access Key: [your AWS access key]
  • Secret Key: [your AWS secret key]
  • Region: [the ECR region, like us-east-1]

The AWS user needs read access to ECR via IAM.

Here's a read-only policy straight from the AWS docs which would grant AWS ECR access to a Shipyard user:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings"
],
"Resource": "*"
}
]
}