Tags: amazon-web-services, terraform, amazon-ecs

ECS get access to ECR in separate account


I'm using AWS/Terraform with ECS and I have a setup where I have multiple AWS accounts that all need access to Docker images contained in ECR in a separate AWS account.

In the separate AWS account (the one with the Docker images in ECR) I have created a user with an Access Key (ID & secret).

In my other AWS accounts I have ECS Task Definitions where I can specify the location of the Docker image; however, when I run the task, it requires access to the other account to be able to pull the image.

How can I specify in my Terraform ECS task definition that, to pull the Docker image from the other account, it needs to authenticate with the Access Key of the user in that other account?


Solution

  • In the separate AWS account (the one with the Docker images in ECR) I have created a user with an Access Key (ID & secret).

    Cross-account access to the ECR repo should be set using repository policies, not an IAM user. An example of such a policy is here.

    In Terraform, you set the ECR policy using aws_ecr_repository_policy. In addition, your aws_ecs_task_definition will need to specify task_role_arn with permissions to access the ECR repo in the other account.
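The following is an added, complete Terraform example of the repository-policy approach described in the answer; it is not code from the question or the answer. It assumes a registry account 111111111111 that owns an ECR repository named `app` in us-east-1, a workload account 222222222222 that runs the task, and two provider aliases (`registry` and `workload`) whose credentials are configured outside this snippet. Two points a practitioner should be aware of: the ECS agent pulls images with the task execution role (`execution_role_arn`), not the application's `task_role_arn`, so that is the role the repository policy must admit; and cross-account access needs both halves, a resource policy in the registry account that names the workload principal and an identity policy on that principal allowing the same `ecr:*` pull actions plus `ecr:GetAuthorizationToken`, which the AWS-managed `AmazonECSTaskExecutionRolePolicy` provides. No user access key is involved; the `repositoryCredentials` field of a container definition is only for private registries other than ECR.

```hcl
# Added example, not the original poster's or answerer's code.
# Assumed values: account IDs, region, repository name and provider aliases.

locals {
  region = "us-east-1"
}

provider "aws" {
  alias  = "registry" # account 111111111111, owns the ECR repository
  region = local.region
}

provider "aws" {
  alias  = "workload" # account 222222222222, runs the ECS task
  region = local.region
}

# ---- Workload account: execution role used by the ECS agent to pull the image ----
data "aws_iam_policy_document" "ecs_tasks_assume" {
  provider = aws.workload
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "task_execution" {
  provider           = aws.workload
  name               = "app-task-execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

# Identity-side half of the cross-account grant: GetAuthorizationToken plus the
# pull actions (and CloudWatch Logs writes) from the AWS-managed policy.
resource "aws_iam_role_policy_attachment" "task_execution" {
  provider   = aws.workload
  role       = aws_iam_role.task_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# ---- Registry account: repository and the resource policy admitting that role ----
resource "aws_ecr_repository" "app" {
  provider = aws.registry
  name     = "app"
}

data "aws_iam_policy_document" "ecr_cross_account_pull" {
  provider = aws.registry
  statement {
    sid    = "AllowWorkloadExecutionRolePull"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.task_execution.arn] # specific role, not account root
    }
    # Pull-only: no ecr:PutImage / layer upload actions, so the workload
    # account cannot push or overwrite tags in the shared repository.
    actions = [
      "ecr:BatchGetImage",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchCheckLayerAvailability",
    ]
  }
}

resource "aws_ecr_repository_policy" "app" {
  provider   = aws.registry
  repository = aws_ecr_repository.app.name
  policy     = data.aws_iam_policy_document.ecr_cross_account_pull.json
}

# ---- Workload account: task definition that references the remote image ----
resource "aws_ecs_task_definition" "app" {
  provider                 = aws.workload
  family                   = "app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  # The pull happens with this role; task_role_arn (not set here) would only
  # grant permissions to the application process inside the container.
  execution_role_arn = aws_iam_role.task_execution.arn

  container_definitions = jsonencode([{
    name      = "app"
    image     = "${aws_ecr_repository.app.repository_url}:1.0.0" # full registry URI
    essential = true
  }])
}
```

Naming the execution role ARN as the principal keeps the grant to one identity; the reference to `aws_iam_role.task_execution.arn` also makes Terraform create the role before the repository policy, which matters because AWS rejects resource policies whose principal does not yet exist. If the role is ever destroyed and recreated, AWS rewrites the stored principal to the old role's unique ID and pulls start failing until the policy is re-applied, so keep the policy in the same state as the role or use `terraform apply` on both after a role replacement. For the EC2 launch type without an execution role, the container instance's role performs the pull instead and would need to be the principal here.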