VOOZH about

URL: https://repost.aws/questions/QUD0-JLruoRYyv6SU0DMHvoQ/ecr-private-registry-with-cloudfront

⇱ ECR private registry with Cloudfront | AWS re:Post


Skip to content

ECR private registry with Cloudfront

0

Hi there, I have a private ECR repository, and I need to pull images from on prem machine (using K3s or k0s or microk8s)

I want to avoid from using the ECR url (xxxxxxxxx.yyy.ecr.eu-zzzzz.amazonaws.com/test:latest) and use my domain with Cloudfront origin (blablabla.cloudfront.net/test).

Is it possible to create origin that backed by ECR repository using relevant behavior?

1 Answer
  • Newest
  • Most votes
  • Most comments
Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.
0

No afraid this is not possible.

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. ECR is not web service im afraid.

EXPERT

answered 3 years ago

EXPERT

reviewed 3 years ago

  • shaiz
    3 years ago

    Why is that? This isn't possible even with Lambda function in the middle between the cloudfront & the ECR origin?

  • Gary Mclean EXPERT
    3 years ago

    Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. ECR is not web service im afraid.

  • shaiz
    3 years ago

    1st of all, thanks for the response There is a way maybe with APi GW? or route 53? or LB? maybe with other way?

    We want to serve our registry with a signed URL and not the ECR url.

  • Gary Mclean EXPERT
    3 years ago

    I just found this terraform article which says it can be done with APi GW and Lambda https://github.com/amancevice/terraform-aws-custom-ecr-domain But this is just a DNS redirect