diff --git a/src/content/docs/aws/services/ecs.mdx b/src/content/docs/aws/services/ecs.mdx index 337d74ed..2ebb1519 100644 --- a/src/content/docs/aws/services/ecs.mdx +++ b/src/content/docs/aws/services/ecs.mdx @@ -1,12 +1,12 @@ --- -title: "Elastic Container Service (ECS)" -tags: ["Base"] +title: 'Elastic Container Service (ECS)' +tags: ['Base'] description: Get started with Elastic Container Service (ECS) on LocalStack persistence: supported --- import { Badge } from '@astrojs/starlight/components'; -import FeatureCoverage from "../../../../components/feature-coverage/FeatureCoverage"; +import FeatureCoverage from '../../../../components/feature-coverage/FeatureCoverage'; ## Introduction @@ -70,11 +70,7 @@ To create a task definition that runs an `ubuntu` container forever (by running "image": "ubuntu", "cpu": 10, "memory": 10, - "command": [ - "sh", - "-c", - "while true; do echo running; sleep 1; done" - ], + "command": ["sh", "-c", "while true; do echo running; sleep 1; done"], "essential": true, "logConfiguration": { "logDriver": "awslogs", @@ -317,31 +313,26 @@ container.add_mount_points( ## Private registry authentication -To download images from a private registry using LocalStack, you must provide your credentials. -You can pass your Docker credentials to the container by setting the `DOCKER_CONFIG` environment variable and mounting the `~/.docker/config.json` file as a volume at `/config.json`. -Your file paths might differ, so check Docker's documentation on [Environment Variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables) and [Configuration Files](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files) for details. - -Here is a Docker Compose example: - -```yaml showshowLineNumbers -services: - localstack: - container_name: "${LOCALSTACK_DOCKER_NAME:-localstack-main}" - image: localstack/localstack-pro - ports: - - "127.0.0.1:4566:4566" - - "127.0.0.1:4510-4559:4510-4559" - - "127.0.0.1:443:443" - environment: - - LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN:?} - - DOCKER_CONFIG=/config.json - volumes: - - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack" - - "/var/run/docker.sock:/var/run/docker.sock" - - ~/.docker/config.json:/config.json:ro +To download images from a private registry using LocalStack, you must provide your credentials. LocalStack (as of 4.13.0) supports the `repositoryCredentials` parameter in an ECS task definition allowing ECS to pull images from registries that require authentication. This is currently only implemented for Docker executor, with support for the Kubernetes executor forthcoming. + +Below is a minimal example demonstrating the use of `repositoryCredentials` in an ECS task definition: + +```json showshowLineNumbers +{ + "family": "...", + "containerDefinitions": [ + { + "name": "...", + "image": "private-registry.example.com/my-image:latest", + "repositoryCredentials": { + "credentialsParameter": "arn:aws:secretsmanager:us-east-1:000000000000:secret:my-registry-credentials" + } + } + ] +} ``` -Alternatively, you can download the image from the private registry before using it or employ an [Initialization Hook](/aws/capabilities/config/initialization-hooks) to install the Docker client and use these credentials to download the image. +The `credentialsParameter` value is the ARN of a Secrets Manager secret containing the registry credentials. ## Firelens for ECS Tasks