JFrog Connect enables you to link any AWS Elastic Container Registry (ECR) account to deploy updates directly from your container registry to the edge devices.

When you use the Deploy Containers action block in a software update, you can configure the block to pull container images directly from your image registry in AWS Elastic Container Registry (ECR). All you need to do is link your AWS ECR account to your JFrog Connect account. The procedures on this page describe how to connect the account.


  • A JFrog Connect account.

  • An AWS ECR account. From your account, you need:

    • AWS Access Key ID

    • AWS Secret Key

    • ECR Registry Server Address

Get Started

  1. Go to Updates in the left sidebar and click Create Update Flow.

  2. Drag the Deploy Containers action block and drop it in the workflow.

  3. Click the Deploy Containers action block in the flow, and for Registry Account, click Other Registry.

Add Account

Click Add Account and complete the form as described below.

  • Registry Provider: Choose Amazon ECR from the list.

  • Account Display Name: Enter any name you want to display that will identify this account. The display name will appear in the list of Registry Accounts whenever you choose Other Account in the action block configuration.

Access Key ID and Secret

Use the procedure below to get the Access Key ID and Secret from the AWS Management Console.

  1. In the AWS Management Console, go to the IAM page, and in the navigation bar, click Users.

  2. Click Add User. Enter a username, e.g., connect-container-updates, and choose Programmatic Access.

  3. Select “Attach existing Policies directly”. In the policies, search for AmazonEC2ContainerRegistryReadOnly and select it. Set the permissions boundary to "Create user without a permissions boundary".

  4. You can add any tags that you wish.

  5. Finish reviewing and create the user.

  6. Save the Access ID and Secret Key when you are prompted. Connect requires these fields, and you won't be able to access the Secret Key again.

  7. In the configuration form in Connect, enter the Access Key ID and Access Key Secret.

  8. Enter the Registry Address. This is your Registry server address from any repository URI, e.g., In most cases this will be

  9. Save the account information. After saving, you can either continue with your action block configuration or simply cancel the action block without saving. (You can also link an additional AWS ECR account.).

The next time you enter a Deploy Containers action block configuration, this AWS ECR account and any additional accounts you added will be visible in the dropdown list of Other Registry accounts.

What’s Next?

Learn how to use the Deploy Containers action block in a workflow to update containers in your edge devices.

Last updated