Releases
February 9, 2024
Features
Import Base Images from Private AWS ECR Registries
To pull from an ECR registry, add your registry name to the base_image
field.
Configure your Beam app
from beam import App, Image, Runtime
app = App(
name="ecr-example",
runtime=Runtime(
image=Image(
# Import base image from private ECR registry
base_image="683656326992.dkr.ecr.us-east-1.amazonaws.com/beam-test",
base_image_creds=Image.get_credentials_from_env(
["AWS_ACCESS_KEY", "AWS_SECRET_KEY", "AWS_REGION"]
),
)
),
)
Add an AWS IAM role
You must create an IAM user with the following policy attached. This allows Beam to generate an authentication token to download the image from your private registry.
Your AWS IAM credentials will be used to pull your image, but they are not stored in our system.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
],
"Resource": "arn:aws:ecr:us-east-1:683656326989:repository/dev-test"
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}
]
}
Source credentials
Beam will read your credentials from a local .env
file, using the Image.get_credentials_from_env()
method in the Beam SDK.
Your .env
file should look like this:
#!/bin/bash
export AWS_REGION=YOUR_REGION
export AWS_SECRET_KEY=YOUR_KEY
export AWS_ACCESS_KEY=YOUR_KEY
Make sure to source the .env file before running beam deploy [app].py
Was this page helpful?