AWS ECR Repository - How to copy images from one account and push to another account

This is not a currently supported feature of ECR so you would need to perform the following steps to migrate from one account to another:

  • aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com - Run this for the source account
  • docker pull $SOURCE_IMAGE:$VERSION - Pull the latest tag down to your local machine
  • docker tag $SOURCE_IMAGE:$VERSION $TARGET_IMAGE:$VERSION - Tag a new image based on the original source image
  • aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com - Run this for the target account
  • docker push $TARGET_IMAGE:$VERSION - Push the Docker image up to the target ECR account.

If you want to move all repositories from a particular region to another account (the destination account), use the script below.

  • It lists all repos in account A
  • Pulls an image from account A, one repo at a time
  • Creates the repo in account B
  • Tags the image
  • Pushes the image to account B
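
#!/bin/bash
# Region of the account the images are copied from (called "target" in this script)
TARGET_ACCOUNT_REGION="us-west-2"
DESTINATION_ACCOUNT_REGION="us-west-2"
# Registry of the destination account, without a trailing slash
DESTINATION_ACCOUNT_BASE_PATH="123456.dkr.ecr.$DESTINATION_ACCOUNT_REGION.amazonaws.com"

# Repository URIs and names in the source account (same order in both arrays)
REPO_LIST=($(aws ecr describe-repositories --query 'repositories[].repositoryUri' --output text --region "$TARGET_ACCOUNT_REGION"))
REPO_NAME=($(aws ecr describe-repositories --query 'repositories[].repositoryName' --output text --region "$TARGET_ACCOUNT_REGION"))

for repo_url in "${!REPO_LIST[@]}"; do
        echo "Start pulling image ${REPO_LIST[$repo_url]} from Target account"
        # No tag is given, so docker pulls only the "latest" tag
        docker pull "${REPO_LIST[$repo_url]}"

        # Create repo in destination account, remove this line if already created
        # (uses the destination_account profile so the repo is not created in the source account)
        aws ecr create-repository --repository-name "${REPO_NAME[$repo_url]}" --region "$DESTINATION_ACCOUNT_REGION" --profile destination_account
        docker tag "${REPO_LIST[$repo_url]}" "$DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}"
        docker push "$DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}"
done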

Make sure you have already obtained a login token for both accounts, or add these commands to the script.

        # source account login; "%%/*" keeps only the registry host of the repository URI
        aws ecr get-login-password --region "$TARGET_ACCOUNT_REGION" | docker login --username AWS --password-stdin "${REPO_LIST[$repo_url]%%/*}"
        # destination account login, make sure a profile is set for the destination account
        aws ecr get-login-password --region "$DESTINATION_ACCOUNT_REGION" --profile destination_account | docker login --username AWS --password-stdin "${DESTINATION_ACCOUNT_BASE_PATH%/}"
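
The loop above pulls each repository without a tag, so only `latest` is copied. The following added example (not part of the original answer) lists tag/digest pairs in both accounts and reports tags that are missing in the destination or that point at a different digest there, which matters when deployments pin images by digest. Function names are hypothetical; it assumes the default credentials belong to the source account and that the `destination_account` profile from the page exists.

```bash
#!/bin/bash
# Added example: check that every tag in a source ECR repository exists in the
# destination repository with the same digest. Function names are hypothetical.

# Print "tag<TAB>digest" for each tagged image in a repository.
# usage: list_tag_digests <repo-name> <region> [aws-profile]
list_tag_digests() {
    aws ecr list-images --repository-name "$1" --region "$2" \
        ${3:+--profile "$3"} --filter tagStatus=TAGGED \
        --query 'imageIds[].[imageTag,imageDigest]' --output text
}

# Compare two listing files (source, destination). Prints "MISSING <tag>" or
# "MISMATCH <tag> <src-digest> <dst-digest>" per problem; returns 1 if any.
compare_listings() {
    local out
    out=$(awk -F'\t' '
        FILENAME == ARGV[1] { src[$1] = $2; next }   # first file: source
        { dst[$1] = $2 }                             # second file: destination
        END {
            for (t in src) {
                if (!(t in dst))           print "MISSING " t
                else if (dst[t] != src[t]) print "MISMATCH " t " " src[t] " " dst[t]
            }
        }' "$1" "$2" | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# usage: verify-copy.sh <repo-name> <source-region> <dest-region> <dest-profile>
main() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 2
    # Source listing uses the default credentials, destination uses the profile.
    list_tag_digests "$1" "$2"      > "$tmp/src" || rc=2
    list_tag_digests "$1" "$3" "$4" > "$tmp/dst" || rc=2
    if [ "$rc" -eq 0 ]; then compare_listings "$tmp/src" "$tmp/dst" || rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# Run only when arguments are given, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Exit status 0 means every source tag is present with an identical digest, 1 means at least one tag is missing or differs, and 2 means a listing call failed.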
