Anchore ECS Inventory
anchore-ecs-inventory
is a tool to gather an inventory of images in use by
Amazon Elastic Container Service (ECS).
Usage
anchore-ecs-inventory
is a command line tool. It can be run with the following
command:
$ anchore-ecs-inventory can poll Amazon ECS (Elastic Container Service) APIs to tell Anchore which Images are currently in-use
Usage:
anchore-ecs-inventory [flags]
anchore-ecs-inventory [command]
Available Commands:
completion Generate Completion script
help Help about any command
version show the version
Flags:
-c, --config string application config file
-d, --dry-run do not report inventory to Anchore
-h, --help help for anchore-ecs-inventory
-p, --polling-interval-seconds string this specifies the polling interval of the ECS API in seconds (default "300")
-q, --quiet suppresses inventory report output to stdout
-r, --region string if set overrides the AWS_REGION environment variable/region specified in anchore-ecs-inventory config
-v, --verbose count increase verbosity (-v = info, -vv = debug)
Use "anchore-ecs-inventory [command] --help" for more information about a command.
Configuration
anchore-ecs-inventory
needs to be configured with AWS credentials and Anchore
ECS Inventory configuration.
AWS Credentials
Anchore ECS Inventory uses the AWS SDK for Go. The SDK will look for credentials
in the following order:
- Environment variables
- Shared credentials file (~/.aws/credentials)
[default]
aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
Anchore ECS Inventory Configuration
Anchore ECS Inventory can be configured with a configuration file. The default
location the configuration file is looked for is
~/.anchore-ecs-inventory.yaml
. The configuration file can be overridden
with the -c
flag.
log:
# level of logging that anchore-ecs-inventory will do { 'error' | 'info' | 'debug }
level: "info"
# location to write the log file (default is not to have a log file)
file: "./anchore-ecs-inventory.log"
anchore:
# anchore enterprise api url (e.g. http://localhost:8228)
url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL
# anchore enterprise username
user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER
# anchore enterprise password
password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD
# anchore enterprise account that the inventory will be sent
account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT
http:
insecure: true
timeout-seconds: 10
# the aws region
region: $ANCHORE_ECS_INVENTORY_REGION
# frequency of which to poll the region
polling-interval-seconds: 300
quiet: false
You can also override any configuration value with environment variables. They
must be prefixed with ANCHORE_ECS_INVENTORY_
and be in all caps. For example,
ANCHORE_ECS_INVENTORY_LOG_LEVEL=error
would override the log.level
configuration
Releasing
To create a release of anchore-ecs-inventory
, a tag needs to be created that points to a commit in main
that we want to release. This tag shall be a semver prefixed with a v
, e.g. v0.2.7
.
Once pushed to origin, this will trigger a GitHub Action that will create the release.
git tag -s -a v0.2.7 -m "v0.2.7"
git push origin v0.2.7
After the release has been successfully created, make sure to specify the updated version
in the ecs-inventory
Helm Chart in anchore-charts.
The files to edit are Chart.yaml
and values.yaml
.