cognito-local icon indicating copy to clipboard operation
cognito-local copied to clipboard

Published 20 hours ago verified publisher icon jagregory

Deploy docker image to AWS Container Service

Open Townsheriff opened this issue 3 years ago • 4 comments

Hey,

I'm using this library in the CI and it is running very frequent. I have migrated all my docker images to AWS CS, because Docker requires paid subscription. This is not an issue with AWS CS. It would be awesome to see image on there.

Example of redeploying from docker registry to AWS registry.

TOKEN=$(aws ecr-public get-authorization-token --region us-east-1 --output=text --query 'authorizationData.authorizationToken')

skopeo sync --all --src docker --dest docker jagregory/cognito-local public.ecr.aws/xxx --dest-registry-token $TOKEN

Tool to sync images: https://github.com/containers/skopeo

As of now I have built image locally and deployed to my account - https://gallery.ecr.aws/s3m2t6e7/cognito-local (actual version 3.10.0 + these changes)

Townsheriff avatar Dec 11 '21 14:12 Townsheriff

Hey, do you know if there's any precedent for this with other OSS projects?

I'm a bit wary of doing this because it can incur costs for me. There's a good free tier, but it's still a risk that someone could do something stupid in their CI server and start costing me money.

I'd be interested in seeing how other OSS projects have solved this issue.

jagregory avatar Dec 12 '21 01:12 jagregory

I understand your concern.

You can check out the gallery to see which companies/organizations/projects are pushing to the registry.

As I read the pricing section I see that public repositories allow to have 50 GB per month and costs for transfer for anonymous users are 0.

I would guess that others are creating organisations account and have IAM users with restricted rights to push the repository.

Also I would guess they are controlling what is published to the registry, in similar fashion as with npm (I can't publish cognito-local to npm, only you can).

Townsheriff avatar Dec 12 '21 10:12 Townsheriff

Yeah locking down writes sounds easy, it's those anonymous reads I'm a bit hesitant about. My read of the pricing page is as you said "costs for transfer for anonymous users are 0" but only for the first 500gb per month.

Realistically, I can't see this little project hitting 500gb per month any time soon. It's a 50mb image so I'd need 10k downloads a month to hit that.

I'll have a play with it and see if I can set up a mirror.

jagregory avatar Dec 12 '21 23:12 jagregory

As I understand *** Data transferred out from public repositories is limited by source IP when an AWS account is not used. part from pricing - people won't be able to pull the image down when they reach 500gb.

Townsheriff avatar Dec 13 '21 08:12 Townsheriff