tencent cloud

Feedback

Accessing the AWS Image Repository

Last updated: 2024-08-13 17:05:18
    When you need to access repository images from your AWS account to the TCSS console for security scanning, you can see this document to access the AWS image repository.

    Accessing Repository

    1. Log in to the TCSS console. In the left sidebar, click Image Risk Control > Repository Images.
    2. On the image repository page, click Access Repository.
    
    3. In the add image repository popup, configure the relevant parameters, and click Next .
    
    Parameter Name
    Description
    Instance Name
    Fill in the image repository instance name. The instance name must be unique and not empty.
    Repository Type
    Select the third-party image repository type. Currently supported options include Harbor, Quay, JFrog, and AWS. When users access AWS repositories, select AWS.
    Network Type
    Select the network access type for the third-party image repository. AWS repositories only support the public network.
    Region
    Select the region where the third-party image repository is located. The AWS type defaults to Default Region.
    Address
    Enter the access address of the third-party image repository. You can see the log-in address used in the docker log-in command on the command line. For example: If your command is docker log-in example.com:8080, your repository address should be http://example.com:8080 and the input content should be example.com:8080.
    Username
    Enter the username to access the third-party image repository. For details, see how to create an AWS account.
    Password
    Enter the password to access the third-party image repository. For details, see how to create an AWS account.
    Rate Limit
    Select the number of images that can be synchronously pulled per hour. The default is unlimited. Optional values are 5, 10, 20, 50, 100, 500, 1,000, and unlimited.
    Certificate Verification Skipping
    Confirm whether to verify the certificate of the remote image repository instance for image synchronization. If the remote instance uses a self-signed or untrusted certificate, do not check this option. It is checked by default.
    Image Authorizing & Scanning
    Automatically authorize and scan the latest version of the image in this repository, and issue a security scan. The image synchronization speed is about 20 per second, and it is expected to take 20-30 minutes to synchronize. A scan will be initiated after synchronization.
    4. Under the Verify Connection Status, select Connection method, and click Confirm to add.
    Note:
    Verify connection status: You can select Self-owned Host Node Connection or Product Backend Connection.
    Self-owned host node connection: Select your own host node for repository image pulling and scanning. It is recommended to select self-owned host node connection for better image scanning rate.
    Product backend connection: Use TCSS product-side backend services for repository image pulling and scanning. The scanning rate is slower and it takes longer time.
    

    Creating an AWS Account

    Step 1: Creating an IAM User

    1. Log in to the AWS console, and select IAM service.
    
    2. In the IAM dashboard, click Number of Users to enter the user list.
    
    3. In the user list, click Create user.
    
    4. On the create user page, enter the user name as prompted, and click Next.
    Note:
    The optional enabling console access can be configured as needed. This guide does not require checking.
    
    5. On the permissions setting page, select Attach policies directly.
    
    6. When users select permission policies, select the following two policies: AmazonEC2ContainerRegistryReadOnly, and AmazonElasticContainerRegistryPublicReadOnly.
    
    7. After the above configuration is completed, click Next to enter the view and create page, and click Create user to finish creating an IAM user.
    

    Step 2: Creating AK/SK

    1. In the user list, click User name to enter the user summary page.
    
    2. On the user summary page, click Create access key under access keys.
    
    3. In the best practices and alternatives of the access key, select Application Running Outside AWS.
    
    4. In the set description tag, enter the tag value, and click Create access key to complete the creation of the AK/SK access key.
    
    5. On the retrieve and access keys page, the access key is the username required to access the AWS repository, and the secret access key is the password required to access the AWS repository.
    
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support