Amazon Elastic Container Registry plugin for Backstage

This is the Amazon Elastic Container Registry (ECR) plugin for backstage.io.

[Screenshot: Amazon Elastic Container Registry plugin tab]

It provides:

  1. Entity content that displays the Amazon Elastic Container Registry repositories related to that specific entity
  2. Ability to see scan findings for individual images

The plugin consists of the following packages:

  • frontend: The frontend plugin package installed in Backstage
  • backend: The backend plugin package installed in Backstage
  • common: Types and utilities shared between the packages

Installing

This guide assumes that you are familiar with the general Getting Started documentation and that you have an existing Backstage application.

Permissions

The IAM role(s) used by Backstage will require the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ecr:DescribeImages", "ecr:DescribeImageScanFindings"],
      "Resource": "*"
    }
  ]
}

Note: This policy does not reflect least privilege: "Resource": "*" allows both actions on all ECR repositories. You should further limit the policy to the appropriate AWS resources.
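
One way to narrow the policy, as an added example that is not part of the plugin or its documentation: generate the Resource list from the repository ARNs you reference with the aws.amazon.com/amazon-ecr-arn annotation (described under Entity annotations), rejecting wildcards. The helper name buildScopedEcrPolicy and the ARN pattern are assumptions, and the example covers only ARN-based references, not tag-based lookup.

```typescript
// Added example, not part of the plugin: build a repository-scoped policy
// from aws.amazon.com/amazon-ecr-arn annotation values.
interface PolicyStatement {
  Effect: 'Allow';
  Action: string[];
  Resource: string[];
}

interface PolicyDocument {
  Version: '2012-10-17';
  Statement: PolicyStatement[];
}

// The two actions the README lists as required.
const ECR_READ_ACTIONS: string[] = [
  'ecr:DescribeImages',
  'ecr:DescribeImageScanFindings',
];

// arn:<partition>:ecr:<region>:<account>:repository/<name>. '*' and '?' never
// match. The account is "digits" (assumption) so the README's sample ARN passes.
const ECR_REPO_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):ecr:[a-z0-9-]+:\d+:repository\/[a-z0-9][a-z0-9._\/-]*$/;

// buildScopedEcrPolicy is a hypothetical helper name.
function buildScopedEcrPolicy(annotationArns: string[]): PolicyDocument {
  const resources: string[] = [];
  for (const raw of annotationArns) {
    const arn = raw.trim();
    if (!ECR_REPO_ARN.test(arn)) {
      throw new Error('not a concrete ECR repository ARN: ' + arn);
    }
    if (resources.indexOf(arn) === -1) {
      resources.push(arn); // de-duplicate repositories shared by entities
    }
  }
  if (resources.length === 0) {
    throw new Error('no repository ARNs supplied; refusing to emit a policy');
  }
  resources.sort(); // stable output keeps policy diffs reviewable
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: ECR_READ_ACTIONS.slice(), Resource: resources },
    ],
  };
}
```

Serialize the returned object with JSON.stringify to get the policy document to attach to the Backstage role.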

Backend package

Install the backend package in your Backstage app:

yarn workspace backend add @aws/amazon-ecr-plugin-for-backstage-backend

Add the plugin to packages/backend/src/index.ts:

const backend = createBackend();
// ...
backend.add(import('@aws/amazon-ecr-plugin-for-backstage-backend'));
// ...
backend.start();

Frontend package

Install the frontend package in your Backstage app:

yarn workspace app add @aws/amazon-ecr-plugin-for-backstage

Edit packages/app/src/components/catalog/EntityPage.tsx and add the imports:

import {
  isAmazonEcrAvailable,
  EntityAmazonEcrImagesContent,
} from '@aws/amazon-ecr-plugin-for-backstage';

Then add the following components:

<EntityLayout.Route path="/ecr" title="Amazon ECR" if={isAmazonEcrAvailable}>
  <EntityAmazonEcrImagesContent />
</EntityLayout.Route>

Entity annotations

There are two annotations that can be used to reference ECR repositories for an entity.

The first retrieves all ECR repositories with matching tags. This is done with the aws.amazon.com/amazon-ecr-tags annotation:

# Example
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  # ...
  annotations:
    aws.amazon.com/amazon-ecr-tags: component=myapp
spec:
  type: service
  # ...

Please review the Locating resources documentation to understand any additional configuration required for tag-based lookup.

The alternative is to reference a specific ECR repository by ARN. This is done with the aws.amazon.com/amazon-ecr-arn annotation:

# Example
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  # ...
  annotations:
    aws.amazon.com/amazon-ecr-arn: arn:aws:ecr:us-west-2:1234567890:repository/myapp-repository
spec:
  type: service
  # ...

Configuration

There are configuration options available to control the behavior of the plugin.

aws:
  ecr:
    maxImages: 100 # (Optional) The maximum number of images retrieved from a repository
    maxScanFindings: 100 # (Optional) The maximum number of scan findings retrieved from an image

IAM Identity Center shortcut links

As a user of IAM Identity Center, you can make use of shortcut links by adding your AWS access portal subdomain to your app-config.yaml:

aws:
  sso:
    subdomain: d-xxxxxxxxxx