Overview
Using the credential-helper introduced in Docker version 1.11, we will set up a mechanism
to push to ECR safely and easily.
Upgrade to Docker ver 1.11 or higher
1
2
3
4
5
6
7
| $ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
$ sudo sh -c "echo deb https://apt.dockerproject.org/repo ubuntu-trusty main\
> /etc/apt/sources.list.d/docker.list"
$ sudo apt-get purge lxc-docker docker
$ sudo apt-get update
$ sudo apt-get install docker-engine
$ sudo service docker restart
|
pull Dockerized ECR credential helper
1
| $ docker pull pottava/amazon-ecr-credential-helper
|
Authentication Setup
Choose one of the following three options.
For EC2, 1. Authenticate with an instance role is the cleanest and keeps the code easy to follow.
- Authenticate with an instance role
- Authenticate with credentials
- Authenticate with environment variables
1. Authenticate with an instance role
1
2
3
| docker run --rm \
-e REGISTRY=123457689012.dkr.ecr.us-east-1.amazonaws.com \
pottava/amazon-ecr-credential-helper
|
1
2
3
4
5
6
7
8
9
10
| sudo sh -c 'cat << EOF > /usr/bin/docker-credential-ecr-login
#!/bin/sh
SECRET=\$(docker run --rm \\
-e METHOD=\$1 \\
-e REGISTRY=\$(cat -) \\
pottava/amazon-ecr-credential-helper)
echo \$SECRET | grep Secret
EOF'
sudo chmod +x /usr/bin/docker-credential-ecr-login
|
2. Authenticate with credentials
1
2
3
4
| docker run --rm \
-e REGISTRY=123457689012.dkr.ecr.us-east-1.amazonaws.com \
-v $HOME/.aws/credentials:/root/.aws/credentials \
pottava/amazon-ecr-credential-helper
|
1
2
3
4
5
6
7
8
9
10
11
| sudo sh -c 'cat << EOF > /usr/bin/docker-credential-ecr-login
#!/bin/sh
SECRET=\$(docker run --rm \\
-e METHOD=\$1 \\
-e REGISTRY=\$(cat -) \\
-v $HOME/.aws/credentials:/root/.aws/credentials \\
pottava/amazon-ecr-credential-helper)
echo \$SECRET | grep Secret
EOF'
sudo chmod +x /usr/bin/docker-credential-ecr-login
|
3. Authenticate with environment variables
- Set the environment variables
1
2
| export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
1
2
3
4
5
| docker run --rm \
-e REGISTRY=123457689012.dkr.ecr.us-east-1.amazonaws.com \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
pottava/amazon-ecr-credential-helper
|
1
2
3
4
5
6
7
8
9
10
11
| sudo sh -c 'cat << EOF > /usr/bin/docker-credential-ecr-login
#!/bin/sh
SECRET=\$(docker run --rm \\
-e METHOD=\$1 \\
-e REGISTRY=\$(cat -) \\
-e AWS_ACCESS_KEY_ID \\
-e AWS_SECRET_ACCESS_KEY \\
pottava/amazon-ecr-credential-helper)
echo \$SECRET | grep Secret
EOF'
sudo chmod +x /usr/bin/docker-credential-ecr-login
|
Credential Storage Setup
1
2
3
4
5
6
7
| mv $HOME/.docker/config.json $HOME/.docker/config.json.org
cat << EOF > $HOME/.docker/config.json
{
"credsStore": "ecr-login"
}
EOF
|
With this, you are freed from aws ecr get-login ♪
