CR-4966 - Service Accounts with ECR #307

Merged
kostis-codefresh merged 3 commits into master from lukasgoodfellow-CR-4966
Aug 17, 2021
14 changes: 2 additions & 12 deletions _docs/integrations/amazon-web-services.md
Expand Up@@ -15,19 +15,9 @@ Codefresh has native support for AWS in the following areas:

## Using Amazon ECR

Amazon Containerregistries are fully compliant with the Docker registry API that Codefresh follows.You can connect GCR like any [other Docker registry]({{site.baseurl}}/docs/docker-registries/external-docker-registries/amazon-ec2-container-registry/).
Amazon ContainerRegistries are fully compliant with the Docker registry API that Codefresh follows.Follow the instruction under [Amazon EC2 Container Registry]({{site.baseurl}}/docs/docker-registries/external-docker-registries/amazon-ec2-container-registry/) to connect.

{%
include image.html
lightbox="true"
file="/images/integrations/docker-registries/add-amazon-ecr-registry.png"
url="/images/integrations/docker-registries/add-amazon-ecr-registry.png"
alt="Connecting to ECR"
caption="Connecting to ECR"
max-width="70%"
%}

Once the registry is added you can the [standard push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/) step in pipelines. See also the documentation page for [working with Docker registries]({{site.baseurl}}/docs/docker-registries/working-with-docker-registries/).
Once the registry is added, you can use the [standard push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/) in your pipelines. See [working with Docker registries]({{site.baseurl}}/docs/docker-registries/working-with-docker-registries/) for more information.

## Deploying to Amazon Kubernetes
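
Review bot: In the rewritten first sentence under "## Using Amazon ECR", "Follow the instruction under" should read "Follow the instructions under", and the link text "Amazon EC2 Container Registry" does not match the "Amazon ECR" name used in the heading and in the following sentence; suggest one name throughout. The hunk also drops the "Connecting to ECR" screenshot, so confirm the linked page shows the same form before removing it here.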

Expand Up@@ -9,6 +9,8 @@ redirect_from:
toc: true
---

## Setting Up ECR Integration - IAM User

Go to your Account Configuration, by clicking on *Account Settings* on the left sidebar. On the first section called *Integrations* click the *Configure* button next to *Docker Registry*.

To configure ECR first select **Amazon ECR** from the new registry drop down
Expand DownExpand Up@@ -42,6 +44,43 @@ More information and examples can be found [here](http://docs.aws.amazon.com/Ama
1. For resource-based users require permissions to call ecr:GetAuthorizationToken before they can authenticate to a registry and push or pull any images from any Amazon ECR repository, than you need provide push/pull permissions to specific registry. More information and examples can be found [here](http://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicies.html){:target="_blank"}.
{{site.data.callout.end}}

## Setting Up ECR Integration - Service Account

Go to your Account Configuration by clicking on *Account Settings* on the left sidebar. On the first section called *Integrations* click the *Configure* button next to *Docker Registry*.

To configure ECR, first select **Amazon ECR** from the new registry drop down
and then provided the following:

* Registry Name - unique name for this configuration.
* Region - AWS region.
* Check the Box *Resolve credentials from service account*

{{site.data.callout.callout_info}}
##### Note

This option is for hybrid customers who use the Codefresh Runner on their accounts. You will also need to make sure you have set up a Kubernetes service account to use an IAM role. You can follow the [AWS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
{{site.data.callout.end}}

There are four different levels to define the service account; Runtime, Account, Pipeline, Trigger.

The Runtime level is the lowest in the priority. You can define it in the Runtime Specification under runtimeScheduler > Cluster (same level as namespace) and specify the service account. The key for this will be `serviceAccount`. You can use the default and make sure you have the correct annotation added to the Service Account. Another option is to create a new service account with the proper permissions and annotations.

```yaml
runtimeScheduler:
cluster:
namespace: codefresh
clusterProvider:
accountId: 5c1658d1736122ee1114c842
selector: docker-desktop
serviceAccount: codefresh-engine
```

The Account level is the next priority. To define the service account, you will go to Account Settings > Pipeline Settings > Advanced Options. Here there will be an option called *Authenticate to ECR using this service account*. Here you will type in the Kubernetes service account.

Following the Account level is the Pipeline level. You will go to the pipeline you want > Settings > Runtime, then define the Service Account.

The last and highest priority is the Trigger. You will go to the pipeline you want > Workflow > Triggers (modify or add) > Advanced Options, and you can define the Service Account.

## Pushing Docker images to Amazon ECR

There are 2 ways to push images
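
Review bot: The Runtime-level paragraph says "You can use the default and make sure you have the correct annotation added to the Service Account" without noting that every pod in the namespace that does not name its own service account runs as `default`, so annotating it with an IAM role gives that role to all of them; suggest making the dedicated service account (the "Another option" sentence) the recommended path and stating that its role should carry only the ECR permissions the integration needs. The YAML sample contains what looks like a real `accountId: 5c1658d1736122ee1114c842`; replace it with a placeholder. Because Trigger overrides Pipeline, Account and Runtime, the section should also say who is allowed to set the service account at each level. Wording: "and then provided the following" should be "provide", the list after "four different levels" needs a colon rather than a semicolon, and the sentence ending in the AWS Documentation link is missing its period.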
Expand DownExpand Up@@ -104,4 +143,4 @@ max-width="40%"

* [Working with Docker Registries]({{site.baseurl}}/docs/ci-cd-guides/working-with-docker-registries/)
* [Push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/)
* [Building and pushing an image]({{site.baseurl}}/docs/yaml-examples/examples/build-and-push-an-image/)
* [Building and pushing an image]({{site.baseurl}}/docs/yaml-examples/examples/build-and-push-an-image/)
3 changes: 3 additions & 0 deletions _docs/whats-new/whats-new.md
Expand Up@@ -10,6 +10,9 @@ toc: true

## Recent Codefresh Updates:

## August 2021
- Using AWS Service Account for ECR Integration - [documentation]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/#setting-up-ecr-integration---service-account)

## July 2021
- New platform IP addresses - [documentation]({{site.baseurl}}/docs/administration/platform-ip-addresses/)
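
Review bot: The new August 2021 entry calls the feature "Using AWS Service Account for ECR Integration", but the section it links to describes a Kubernetes service account bound to an IAM role; suggest wording such as "Using a Kubernetes service account with an IAM role for ECR integration". The link path `/docs/integrations/docker-registries/amazon-ec2-container-registry/` also differs from the `/docs/docker-registries/external-docker-registries/amazon-ec2-container-registry/` path used for the same page in amazon-web-services.md; check that both resolve and that the `#setting-up-ecr-integration---service-account` anchor matches the id generated for the new heading.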
