Overview
Container image storage and distribution with cross-account access.
Artifact Registry provides container image repository management — create repositories, generate temporary credentials, and grant cross-account access so your images can be pulled into customer environments.
Platform Mapping
| Platform | Backing Service | Provisioned by |
|---|---|---|
| AWS | Amazon ECR | Alien |
| GCP | Google Artifact Registry | Alien |
| Azure | Azure Container Registry | Alien |
| Local | In-process OCI registry | Alien |
When to Use
Use Artifact Registry when your application needs to manage container images programmatically — building, pushing, pulling, and distributing images across cloud accounts.
Quick Start
// alien.ts
const registry = new alien.ArtifactRegistry("images")
.replicationRegions(["us-west-2", "eu-west-1"]) // AWS only
.build()import { artifactRegistry } from "@alienplatform/sdk"
const registry = await artifactRegistry("images")
const repo = await registry.createRepository("my-app")
console.log(repo.uri) // "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app"
const creds = await registry.generateCredentials(repo.name, "push-pull", 3600)
// Use with: docker login -u ${creds.username} -p ${creds.password} ${repo.uri}let registry = ctx.bindings().load_artifact_registry("images").await?;
let repo = registry.create_repository("my-app").await?;
let creds = registry.generate_credentials("my-app", ArtifactRegistryPermissions::PushPull, Some(3600)).await?;Cross-Account Access
Grant other cloud accounts permission to pull images:
// AWS
await registry.addCrossAccountAccess("my-app", {
type: "aws",
accountIds: ["987654321098"],
regions: ["us-east-1"],
roleArns: ["arn:aws:iam::987654321098:role/lambda-execution"],
allowedServiceTypes: ["function"],
})
// GCP
await registry.addCrossAccountAccess("my-app", {
type: "gcp",
projectNumbers: ["123456789"],
serviceAccountEmails: ["sa@project.iam.gserviceaccount.com"],
allowedServiceTypes: ["function"],
})Cross-account access is not supported on Azure through Alien.