15 cards
stage builder: FROM <full-sdk-image> AS builder
Common Patterns
stage builder: COPY package*.json / requirements.txt
Common Patterns
stage builder: RUN npm ci / pip install
Common Patterns
stage builder: COPY source code
Common Patterns
stage builder: RUN npm run build / go build / pip install --prefix
Common Patterns
stage runtime: FROM <slim-image> AS runtime
Common Patterns
stage runtime: COPY --from=builder artifacts only
Common Patterns
stage runtime: USER non-root
Common Patterns
stage runtime: CMD exec form
Common Patterns
rule 1
delete untagged images after 7 days
rule 2
keep at most 10 tagged images with the prefix "v"
Code/image
no secrets
ECS Task Def
secrets[] points to the Secrets Manager ARN
ECS Agent
fetches the secret and injects it into the container's env var
Container startup
receives DATABASE_URL, API_KEY via the environment