This configuration is only applicable to Vuestorefront instances (both frontend and backend)
Deploying to an additional AWS ECR
Some customers may wish to take ownership of the images created by MDOQ.
- Navigate to your Live Connector instance.
- Open the Settings dialog and open "Additional Configuration" > "Deployment"
- Enable the "Enable Additional Docker Registry" setting
- Enter a AWS Role Arn, this is the role MDOQ will assume when pushing the image. See configuring AWS role below.
- Enter a region
- Enter the image name
- Enter the registry name
- Click save
Next time you create a deployment, the image will be pushed to the newly configured repo. The tag will be the same as the tag you choose in MDOQ.
Configuring an AWS role
Why is this needed?
To allow MDOQ to push images to your registries, MDOQ needs to be authorized to do so. The AWS recommended way to do this is to create a role with just the required permissions.
Creating the role
In this example you should have already created a registry with a repository. (If not please see here)
Using the repository: 111111111111.dkr.ecr.eu-west-2.amazonaws.com/my-custom-repo
This would give us:
- registry name:
111111111111.dkr.ecr.eu-west-2.amazonaws.com
- repository name:
my-custom-repo
- region:
eu-west-2
- Navigate to: https://console.aws.amazon.com/iam/home
- Select "Roles"
- Select "Create Role"
- Select type of trusted entity:
Another AWS account
Account ID:645351799488
(The full arn of the account is:arn:aws:iam::645351799488:user/mdoq-ecr-service-worker
)
Leave the rest at default and select "Next: Permissions" - Click "Create Policy" (this will open a new window), select the "JSON" tab and add:
N.B make sure to update "Resource"
to your repository URI name.
Complete the policy creation
6. Go back to the role creation tab, refresh the list. You should see your new policy.
Select it and click "Next: Tags"
7. Select "Next: Review"
8. Give the role a name and a description and select "Create Role"
9. Now go back to the roles page: https://console.aws.amazon.com/iam/home#/roles
10. Select your new role from the list.
11. At the top of this page is the Role Arn This is the role you need to provide to MDOQ