Using advanced ECR features
ECR has two advanced features that are useful when you are managing a large EKS environment: pull through cache, which allows a private repository to cache public images, and cross-region replication, where you replicate images to another region for use. Let’s explore both options.
Pull-through-cache explained
Pull-through-cache allows a private repository to cache images from either the public ECR repositories or from Quay (please note that Docker Hub is not currently supported). We will use the public ECR repositories in this example, and this allows us to offer public images without giving public internet access to our worker nodes.
Let’s configure a rule in ECR using the following Terraform code; please note it’s done at the registry level, not at the repository level:
resource "aws_ecr_pull_through_cache_rule" "example" { Â Â ecr_repository_prefix = "ecr-public" Â Â upstream_registry_url...