How to redeploy Docker Images from other AWS accounts using CodePipeline


CodePipeline is a powerful tool, and it's excellent for automating your ECS deployments if the ECR image is deployed in the same account. You might be saying that this should be easy: there shouldn't be any problem, you only need to create a CodePipeline with Amazon ECR as the Source and the ECS service as the Deploy target, right?

Sadly, it won't work. Any image that is cloned from one account to another is not recognized as a new deployment. This disrupts your entire pipeline. However, you may also be wondering why you would do this. Let's take an example.
One AWS master account that clones Docker images to others.

Let's say your team handles 30 projects. Each project is located in its own AWS account. The "quick" path is to create individual credentials and deploy the images to each account. However, how likely is it that your team will make a mistake when handling 30 different projects? It's quite high. That's why we decided to create a Master Account that contains the Docker images. The master account later distributes the images to each AWS account. However, the catch was that CodePipeline never recognized the newly deployed images.

So, to fix this challenge, we had to make the following changes:
  1. To create an imagedefinitions.json file.
[
  {
    "name": "YOUR_APP_NAME",
    "imageUri": "YOUR_ECR_REPO:latest"
  }
]

Where,
    • The name is the name of your project.
    • The imageUri is the URL your local ECR gives you, for example, 445154566512.dkr.ecr.eu-west-2.amazonaws.com/myproject-env-prod:latest.
  2. To zip the file and keep it with the same name, imagedefinitions.zip
  3. To create an S3 bucket and enable Bucket Versioning.
  4. To upload the imagedefinitions.zip to your new S3 bucket.
  5. To create a basic CodePipeline with your ECR as your Repo and your ECS service as the deploy destination.
  6. To Edit the Pipeline.
  7. To Add action.
  8. To configure the new action with the following values:
    • Action name: Get-JSON
    • Action provider: Amazon S3
    • Bucket: your bucket.
    • S3 object key: imagedefinitions.zip
    • Output artifacts: imagedefinitions

  9. To edit the Deploy stage.
  10. To search for Input artifacts and set the value as imagedefinitions.

  11. To modify the Image definitions file - optional.
It should look like this in your final configuration:

  12. To go to EventBridge.
  13. To go to the Buses and Rules section.
  14. To search for the newly created rule for your CodePipeline.
  15. To modify the Event Pattern to the following one:
{
  "source": ["aws.ecr"],
  "detail": {
    "action-type": ["PUSH"],
    "image-tag": ["latest"],
    "repository-name": ["YOUR_REPO_NAME"],
    "result": ["SUCCESS"]
  },
  "detail-type": ["ECR Image Action"]
}

Where, YOUR_REPO_NAME is your repo's name. It's not the URL, only the name.
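
To see which ECR events the pattern above lets through before relying on it in the account, the following added example (not part of the original post, and not AWS code) evaluates it against constructed events. It assumes only the exact-value matching this pattern uses; the helper names `matches` and `ecr_event` and the sample event values are hypothetical.

```python
# Added example: local check of the EventBridge pattern shown above.
# Only nested objects and lists of exact values are handled (no prefix, anything-but, etc.).
PATTERN = {
    "source": ["aws.ecr"],
    "detail": {
        "action-type": ["PUSH"],
        "image-tag": ["latest"],
        "repository-name": ["YOUR_REPO_NAME"],
        "result": ["SUCCESS"],
    },
    "detail-type": ["ECR Image Action"],
}


def matches(pattern, event):
    """Return True if every field named in the pattern is present in the event and matches."""
    for key, expected in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        else:
            # Leaf: the event value (or any element of an event array) must equal a listed value.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True


def ecr_event(overrides=None):
    """Constructed sample shaped like an ECR Image Action event (values are made up)."""
    detail = {
        "result": "SUCCESS",
        "repository-name": "YOUR_REPO_NAME",
        "action-type": "PUSH",
        "image-tag": "latest",
    }
    detail.update(overrides or {})
    return {"source": "aws.ecr", "detail-type": "ECR Image Action", "detail": detail}


if __name__ == "__main__":
    cases = [{}, {"image-tag": "v1.2.3"}, {"result": "FAILURE"}, {"repository-name": "other-repo"}]
    for overrides in cases:
        print(overrides or "push of latest", "->", matches(PATTERN, ecr_event(overrides)))
```

Only a successful push of the `latest` tag to the named repository matches; a push under any other tag, a failed push, or a push to a different repository does not start the pipeline.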

With all these changes, your CodePipeline will detect the changes in your ECR repo. Sometimes, it might not be automatic, but it will be redeployed after a few minutes.
