@@ -41,16 +41,11 @@ This is not necessary if you are using a pre-built image, as described below.
4141
4242## Using pre-built container images
4343
44- Currently, all images must use ` registry.cloudflare.com ` .
44+ Currently, we support images stored in the Cloudflare managed registry at ` registry.cloudflare.com ` and in [ Amazon ECR] ( https://aws.amazon.com/ecr/ ) .
45+ Support for additional external registries is coming soon.
4546
46- :::note
47- We plan to allow other image registries. Cloudflare will download your image, optionally using auth credentials,
48- then cache it globally in the Cloudflare Registry.
49-
50- This is not yet available.
51- :::
52-
53- If you wish to use a pre-built image, first, make sure it exists locally, then push it to the Cloudflare Registry:
47+ If you wish to use a pre-built image from another registry provider, first, make sure it exists locally, then
48+ push it to the Cloudflare Registry:
5449
5550```
5651docker pull <public-image>
@@ -88,6 +83,65 @@ This will output an image registry URI that you can then use in your Wrangler co
8883
8984</WranglerConfig >
9085
86+ ### Using Amazon ECR container images
87+
88+ To use container images stored in [ Amazon ECR] ( https://aws.amazon.com/ecr/ ) , you will need to configure the ECR registry domain with credentials.
89+ These credentials get stored in [ Secrets Store] ( /secrets-store ) under the ` containers ` scope.
90+ When we prepare your container, these credentials will be used to generate an ephemeral token that can pull your image.
91+ We do not currently support public ECR images.
92+ To generate the necessary credentials for ECR, you will need to create an IAM user with a read-only policy.
93+ The following example grants access to all image repositories under AWS account ` 123456789012 ` in ` us-east-1 ` .
94+
95+ ``` json
96+ {
97+ "Version" : " 2012-10-17" ,
98+ "Statement" : [
99+ {
100+ "Action" : [" ecr:GetAuthorizationToken" ],
101+ "Effect" : " Allow" ,
102+ "Resource" : " *"
103+ },
104+ {
105+ "Effect" : " Allow" ,
106+ "Action" : [
107+ " ecr:BatchCheckLayerAvailability" ,
108+ " ecr:GetDownloadUrlForLayer" ,
109+ " ecr:BatchGetImage"
110+ ],
111+ // arn:${Partition }:ecr:${Region}:${Account}:repository/${Repository-name}
112+ "Resource" : [
113+ " arn:aws:ecr:us-east-1:123456789012:repository/*"
114+ // "arn:aws:ecr:us-east-1:123456789012:repository/example-repo"
115+ ]
116+ }
117+ ]
118+ }
119+ ```
120+
121+ You can then use the credentials for the IAM User to [ configure a registry in Wrangler] ( /workers/wrangler/commands/#containers-registries ) .
122+ Wrangler will prompt you to create a Secrets Store store if one does not already exist, and then create your secret.
123+
124+ <PackageManagers
125+ type = " exec"
126+ pkg = " wrangler"
127+ args = " containers registries configure 123456789012.dkr.ecr.us-east-1.amazonaws.com --aws-access-key-id=AKIAIOSFODNN7EXAMPLE"
128+ />
129+
130+ Once this is setup, you will be able to use ECR images in your wrangler config.
131+
132+ <WranglerConfig >
133+
134+ ``` json
135+ {
136+ "containers" : {
137+ "image" : " 123456789012.dkr.ecr.us-east-1.amazonaws.com/example-repo:tag"
138+ // ...rest of config...
139+ }
140+ }
141+ ```
142+
143+ </WranglerConfig >
144+
91145:::note
92146Currently, the Cloudflare Vite-plugin does not support registry links in local development, unlike ` wrangler dev ` .
93147As a workaround, you can create a minimal Dockerfile that uses ` FROM <registry-link> ` . Make sure to ` EXPOSE ` a port in local dev as well.
0 commit comments