
Container registry access

ReSim needs to pull your build images and metrics build images from a container registry. This page describes how to configure access for each supported registry.

AWS ECR

To use images hosted in AWS Elastic Container Registry (ECR) with ReSim, you can set up access to an existing ECR repository, or create a new ECR repository.

If you're creating a new repository, we recommend creating it in us-east-1 as that's where our app runs. You can follow the AWS documentation for creating ECR repositories.

The repository needs a policy applied so that ReSim components can pull images from it. Check whether you are using a generic role or a customer-specific role as described in IAM Roles.

New repository, or existing repository without policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReSimToPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::083585393365:role/resim-customer-prod"]
      },
      "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]
    }
  ]
}

Existing repository with policy

If you have an existing ECR repository with images you would like to test, and that repository already has a policy set, add the statement below to the repository's existing policy. Check whether you are using a generic role or a customer-specific role as described in IAM Roles.

"Statement": [{
    "Sid": "AllowReSimToPull",
    "Effect": "Allow",
    "Principal": {
        "AWS": [
            "arn:aws:iam::083585393365:role/resim-customer-prod"
        ]
    },
    "Action": [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
    ]
}]
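
The sketch below is an added example, not ReSim's own tooling. It merges the statement above into an existing repository policy without dropping the statements already there, then checks that the ReSim role ends up with pull actions only. The function names, the `AllowCiPush` statement and the account `111122223333` are constructed for illustration.

```python
import copy
import json

# Role ARN and actions are the ones shown on this page (generic role).
RESIM_ROLE = "arn:aws:iam::083585393365:role/resim-customer-prod"
PULL_ACTIONS = {"ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"}
RESIM_STATEMENT = {"Sid": "AllowReSimToPull", "Effect": "Allow",
                   "Principal": {"AWS": [RESIM_ROLE]}, "Action": sorted(PULL_ACTIONS)}
# Constructed sample: an existing policy with an unrelated CI statement.
SAMPLE_EXISTING_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCiPush", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-publisher"},
    "Action": ["ecr:PutImage", "ecr:InitiateLayerUpload"]}]}

def _as_list(value):
    # IAM policy JSON accepts a single value where a list is also valid.
    return value if isinstance(value, list) else [value]

def merge_resim_statement(policy):
    """Return a copy of policy with the ReSim statement added (replaced if the Sid exists)."""
    merged = copy.deepcopy(policy)
    merged.setdefault("Version", "2012-10-17")
    kept = [s for s in _as_list(merged.get("Statement", []))
            if s.get("Sid") != RESIM_STATEMENT["Sid"]]
    merged["Statement"] = kept + [copy.deepcopy(RESIM_STATEMENT)]
    return merged

def audit(policy, role=RESIM_ROLE):
    """Report Allow statements open to any principal or giving the role more than pull."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        extra = set(_as_list(stmt.get("Action", []))) - PULL_ACTIONS
        sid = stmt.get("Sid", "<no Sid>")
        if principal == "*" or "*" in aws:
            findings.append(f"{sid}: allows any principal")
        if role in aws and extra:
            findings.append(f"{sid}: grants {sorted(extra)} beyond pull")
    return findings

if __name__ == "__main__":
    merged = merge_resim_statement(SAMPLE_EXISTING_POLICY)
    print(json.dumps(merged, indent=2))
    print(audit(merged) or "no findings")
```

Merging matters because `aws ecr set-repository-policy` sets the repository's whole policy document, so applying only the ReSim statement would discard the statements already in place.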

Docker Hub

You can use an existing repository or create a new one. Once it's ready, you will need to set up a new service account and share the Docker ID and personal access token (PAT) securely with us.

Docker Image Pull Rate

We pull and mirror your container images securely inside our platform. This makes image retrieval quicker and means that we only make requests to Docker Hub when you publish images we haven't yet mirrored. The limit of 5000 pulls per day that Docker imposes should therefore be more than enough.

GitHub Container Registry

To use ReSim with GitHub Container Registry (ghcr.io), create a Personal Access Token (classic) with access to the relevant repository and the read:packages scope.

Share the token and your GitHub username with your contact at ReSim and we will configure secure storage and automated use of your credentials.

To restrict the access this token grants, create a new GitHub account and add it as an outside collaborator with access only to the relevant repository/repositories.

Google Artifact Registry

You can use an existing repository or create a new one. Once it's ready, you will need to set up a new service account and generate a key for it. ReSim needs the service account to have Artifact Reader access to the repository in question.

To grant ReSim access, please share a base64-encoded version of the key.json, which can be used to log in to the artifact registry.

AWS GovCloud or private cloud solutions

Please get in touch with ReSim if you would like to discuss other, more bespoke, access patterns or if you are a user of AWS GovCloud, which we also support.