# Manage ECR in prod account module * Status: accepted * Deciders: @lorenyu @shawnvanderjagt @farrcraft @kyeah * Date: 2022-10-07 ## Context and Problem Statement In a multi-account setup where there is one account per environment, where should the ECR repository live? ## Decision Drivers * Minimize risk that the approach isn't acceptable with the agency given uncertainty around ability to provision accounts with the agency * Desire an approach that can adapt equally well to a multi-account setup (with an account per environment) as well as to a single-account setup (with one account across all environments) or a two-account setup (with one account for prod and an account for non-prod) * Desire an approach that can adapt to situations where there is more than one ECR repository i.e. a project with multiple deployable applications * Simplicity ## Considered Options * Separate `dist`/`build` account to contain the ECR repository and build artifacts * Manage the ECR repository as part of the `prod` account * Manage the ECR repository as part of the `dev` or `stage` account ## Decision Outcome Manage the ECR repository(ies) as part of the prod account module, or for single-account setups, the single account module. Since there will always be a prod account, this approach should have minimal risk for not working for the agency, and will also work for projects that only have or need a single account. ## Discussion of alternative approach However, if account management and creation was not an issue, it could be more elegant to have the production candidate build artifacts be managed in a separate `build` account that all environment accounts reference. This approach is described in the following references: * [Medium article: Cross-Account Amazon Elastic Container Registry (ECR) Access for ECS](https://garystafford.medium.com/amazon-elastic-container-registry-ecr-cross-account-access-for-ecs-2f90fcb02c80) * [AWS whitepaper - Recommended Accounts - Deployments](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/deployments-ou.html) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.simpler.grants.gov/product/decisions/infra/0003-manage-ecr-in-prod-account-module.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.