AWS claims to support namespacing rules on repos but I don’t follow how you're supposed to set them up. According to the docs here:
Repository names can support namespaces, which you can use to group similar repositories. For example if there are several teams using the same registry, Team A could use the team-a namespace while Team B uses the team-b namespace. Each team could have their own image called web-app, but because they are each prefaced with the team namespace, the two images can be used simultaneously without interference. Team A's image would be called team-a/web-app, while Team B's image would be called team-b/web-app.
So we created a repo in our registry at <registry ID>.dkr.ecr.<region>.amazonaws.com/mycompany/myproj
Based on this, I would then expect to be able to store multiple images in this myproj
namespace such as:
<registry ID>.dkr.ecr.<region>.amazonaws.com/mycompany/myproj/imageone:latest
<registry ID>.dkr.ecr.<region>.amazonaws.com/mycompany/myproj/imagetwo:latest
However, when I try to push one of these images, it tells me the repository mycompany/myproj/imageone
does not exist. I don't know why it's thinking that imageone
is part of my repository name and not my image name:tag. Am I doing something wrong here with how my repository is named or how I'm naming/tagging my images?
ECR doesn't support "namespaces" as a hierarchical grouping concept. While ECR has a flat structure, it's common to use slashes within repository names to organise repositories.
In your example, you would create two repositories with names:
mycompany/myproj/imageone
mycompany/myproj/imagetwo
You could then use this naming convention to write identity-based policies, e.g. IAM group
myproj
could be granted permissions to resourcearn:aws:ecr:us-east-1:123456789012:repository/mycompany/myproj/*
. Other than that, there's nothing special about using the common prefix and ECR considers them two repositories that happen to be named similarly.