cdk-ecr-deployment icon indicating copy to clipboard operation
cdk-ecr-deployment copied to clipboard
verified publisher icon cdklabs

Can´t configure a proxy for a ECRDeployment

Open RouvenHernier opened this issue 11 months ago • 3 comments

Hello,

I can´t configure a proxy for a ECRDeployment because no environment / proxy params exist in ECRDeploymentProps.

Can you please add this configuration or do I miss something how to setup the usage of a proxy?

Thanks and best regards

RouvenHernier avatar Mar 21 '25 10:03 RouvenHernier

Thanks for the report @RouvenHernier !

What requests exactly would you like to proxy? What part of this is failing for you without a proxy?

mrgrain avatar Mar 21 '25 12:03 mrgrain

Hi @mrgrain,

I can´t pull the 'src' from a public docker repo for a 'ECRDeployment' without going through our corp. proxy. So all our Lambdas needs to be attached to a VPC and don´t allow direct internet access. The VPC attachment for the Lambda is working fine and we can already use ECRDeployment for non public repos.

But for a public 'src' we get a timeout / error. So this fails: new ECRDeployment(this, 'ECRMirror', { src: new DockerImageName('7.6.4-jdk17'), dest: new DockerImageName('OurPrivateECR:7.6.4-jdk17') });

Because the Docker pull request is not send through our mandatory proxy.

Thanks and best regards

RouvenHernier avatar Mar 21 '25 12:03 RouvenHernier

Gotcha. Thanks for clarifying.

I'll keep this open, but don't expect us to prioritize this any time soon.

You might be better served with a pull through cache: https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache.html

You can also try setting the HTTPS_PROXY env variable on the lambda. This might work because the underlying code seems to support it. But there be dragons.

mrgrain avatar Mar 21 '25 13:03 mrgrain