Connect ECR repository to a service
This guide aims to show how to connect an ECR repository
to an existing service in Port.
This guide assumes you have:
- A Port account and that you have completed the onboarding process. We will use the
Service
blueprint created during the onboarding process. - AWS exporter installed and configured in your environment.
Add tags to repositories in AWS ECR
Tagging repositories in ECR allows you to categorize and filter them. You can use tags to specify a repository that is related to a specific service in Port. In this guide, we will add a tag to tell us what service the repository is related to.
To tag an ECR repository, you can use either the AWS CLI or the ECR console. Here are the basic steps:
Using the ECR console
-
Open the Amazon ECR console and select the region .
-
Choose "Repositories" and select the repository you want to tag.
-
Select "Repository tags" from the actions menu on the left side.
-
Choose "Add tags" and specify the key-value pairs for each tag.
Using the AWS CLI
Run the command:
aws ecr tag-resource \
--resource-arn arn:aws:ecr:region:account-id:repository/repository-name \
--tags Key=tag-key,Value=tag-value
This will add a tag with the specified key-value pair to the repository. You can add multiple tags by specifying additional --tags
parameters.
Since our ECR repository
may already have several tags, we will need a mechanism to control how these tags will be related to our Service
blueprint. A way to achieve this relation is to prefix the tag key with the keyword port-
and the value would be anything. We will then use JQ to select the keys that starts with this keyword. For this guide, our tag key will be named port-auth-service
, which will correspond to a Service
entity identified by auth-service
in Port. Since tag values can be optional, we can leave it blank; only the keys matter to us.
Create the service relation
With our ECR resources synced with Port, let's reflect the ECR Repository in our services to display the repository associated with a service.
First, we will need to create a relation between our services and the corresponding ECR Repository. To do this:
- Fill out the form like this, then click
Create
:
With the blueprints are related, we need to assign the relevant ECR Repository to each of our services. This is done by adding some mapping logic. Update the config.json
file from the AWS exporter to:
config.json
(Click to expand)
{
"resources": [
{
"kind": "AWS::ECR::Repository",
"port": {
"entity": {
"mappings": [
{
"identifier": ".RepositoryName",
"title": ".RepositoryName",
"blueprint": "ecr_repository",
"properties": {
"imageTagMutability": ".ImageTagMutability",
"scanningConfiguration": ".ImageScanningConfiguration",
"repositoryArn": ".Arn",
"link": "\"https://console.aws.amazon.com/go/view?arn=\" + .Arn",
"repositoryUri": ".RepositoryUri",
"encryptionConfiguration": ".EncryptionConfiguration",
"lifecyclePolicy": ".LifecyclePolicy",
"tags": ".Tags"
},
"relations": {
"region": ".Arn | split(\":\") | .[3]",
"service": ".Tags | keys[] | select(startswith(\"port-\")) | .[6:]"
}
}
]
}
}
}
]
}
The JQ below selects all keys that start with the keyword port-
. It then removes "port-" from each key, leaving only the part that comes after it and goes ahead to select all keys that fits this criteria as an array
service: .Tags | keys[] | select(startswith("port-")) | .[6:]
What we just did was map the ECR Repository
to the relation between it and our Services
.
Now, if our Service
identifier is equal to the ECR Repository tag key, the service
will automatically be linked to it 🎉
Conclusion
By following these steps, you can seamlessly connect an ECR repository with an existing service blueprint in Port using tags.
Relevant guides and examples: