@Stability(value=Experimental)

Package software.amazon.awscdk.assets.docker

AWS CDK Docker Image Assets

See: Description

Interface Summary

Interface	Description
DockerImageAssetProps	EXPERIMENTAL

Class Summary

Class	Description
DockerImageAsset	An asset that represents a Docker image.
DockerImageAssetProps.Builder	A builder for DockerImageAssetProps
DockerImageAssetProps.Jsii$Proxy	A proxy class which represents a concrete javascript instance of this type.

Package software.amazon.awscdk.assets.docker Description

AWS CDK Docker Image Assets

This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.

This module allows bundling Docker images as assets.

Images are built from a local Docker context directory (with a Dockerfile), uploaded to ECR by the CDK toolkit and/or your app's CI-CD pipeline, and can be naturally referenced in your CDK app.

import { DockerImageAsset } from '@aws-cdk/assets-docker';
 
 const asset = new DockerImageAsset(this, 'MyBuildImage', {
   directory: path.join(__dirname, 'my-image')
 });
 

The directory my-image must include a Dockerfile.

This will instruct the toolkit to build a Docker image from my-image, push it to an AWS ECR repository and wire the name of the repository as CloudFormation parameters to your stack.

Use asset.imageUri to reference the image (it includes both the ECR image URL and tag.

You can optionally pass build args to the docker build command by specifying the buildArgs property:

const asset = new DockerImageAsset(this, 'MyBuildImage', {
   directory: path.join(__dirname, 'my-image'),
   buildArgs: {
     HTTP_PROXY: 'http://10.20.30.2:1234'
   }
 });
 

Pull Permissions

Depending on the consumer of your image asset, you will need to make sure the principal has permissions to pull the image.

In most cases, you should use the asset.repository.grantPull(principal) method. This will modify the IAM policy of the principal to allow it to pull images from this repository.

If the pulling principal is not in the same account or is an AWS service that doesn't assume a role in your account (e.g. AWS CodeBuild), pull permissions must be granted on the resource policy (and not on the principal's policy). To do that, you can use asset.repository.addToResourcePolicy(statement) to grant the desired principal the following permissions: "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage" and "ecr:BatchCheckLayerAvailability".