How to add an ECR for shared Docker images
Introduction
You can create a shared Amazon Elastic Container Registry (ECR) in the Modernisation Platform to store your Docker container images.
The ECR can then be shared to all of your application accounts.
Steps
- Clone the modernisation-platform GitHub repository.
- Add your ECR registry to a Terraform file in terraform/environments/core-shared-services/
- Check if a Terraform file already exists for your application in terraform/environments/core-shared-services/
- If it does not exist, create a new file
- If it already exists, use the existing file
- The file must be named after your application and match the name defined in the environments configuration
- You will need to specify the
push_principals(who do you want to be able to upload to the ECR) andpull_principals(who do you want to be able to download from the ECR) - Raise a pull request
- The pull request will require approval from the team associated with the Terraform file, as defined in the CODEOWNERS configuration. Once the relevant team approves, the pull request can be merged.
Example: Defining a per-application ECR using the shared module
Below is an example Terraform configuration using the shared ECR module. Modify it for your application:
module "sprinkler_ecr_repo" {
source = "../../modules/app-ecr-repo"
app_name = "sprinkler-test"
push_principals = [
"arn:aws:iam::${local.environment_management.account_ids["sprinkler-development"]}:role/modernisation-platform-oidc-cicd",
local.environment_management.account_ids["sprinkler-development"]
]
pull_principals = [
"arn:aws:iam::${local.environment_management.account_ids["sprinkler-development"]}:role/modernisation-platform-oidc-cicd"
]
# Tags
tags_common = local.tags
}
This page was last reviewed on 22 August 2025.
It needs to be reviewed again on 22 February 2026
by the page owner #modernisation-platform
.
This page was set to be reviewed before 22 February 2026
by the page owner #modernisation-platform.
This might mean the content is out of date.