Skip to content

Guide: Adding a New Image to AWS ECR Registry

Images are not automatically published to the ECR registry for the first time. Long-term it will become the Operations team's responsibility to control what images are allowed to be pushed into dev/staging/production registries. We may soften/harden requirements depending on the development and operations teams feelings.

Currently, the oc-infrastructure:bootstrap/ecr-mirror repository contains whitelists of images that can be deployed to each environment. These images are controlled via the vars/env-<ENV>.tfvars variable files. In order to get an image into AWS for the first time, we must add the new image to the whitelist.

In practice, there should be a review of these images before adding them to the repository, and updates will follow Continous Delivery best practices.

Adding a new image for the first time.

We must update our deployment in oc-infrastructure:bootstrap/ecr-mirror vars/env-<env>.tfvars file to include the new image. Here is an example diff for this change.

> diff vars/env-demo.tfvars
~   ...
~   ecr_repositories = [
~     "portal",
+     "partner-conference-portal",
~   ]
~   ...

Any developer/operations person can raise PR requests to make these kinds of changes. And should consider whether this change should be applied to all environments or just a specific environment.

These changes should have at least one reviewer who has experience working in oc-infrastructure.git.