[[linux_wiki:ec2_ecr_credential_helper]]

EC2: ECR Credential Helper

General Information

The Elastic Container Registry credential helper allows you to run docker pull/push commands without needing to login to an ECR from an EC2 instance.

Pre-reqs

  • Role: The role attached to your ec2 instance requires appropriate access to the ECR.
  • AMI: Amazon Linux 2

Credential Helper Setup

  • Enable the Amazon Linux Extras Docker Repo
    amazon-linux-extras enable docker
  • Install
    yum install amazon-ecr-credential-helper
  • Create docker dir for ECR credential helper
    mkdir ~/.docker
  • Create the credential helper config file
    vim ~/.docker/config.json
     
    {
            "credsStore": "ecr-login"
    }

These tasks can be included in an Ansible role/playbook

- name: Enable the Amazon Linux Extras Docker Repo
  command: "amazon-linux-extras enable docker"
  
- name: Install Amazon ECR Credential Helper
  yum:
    lock_timeout: 180
    name: "amazon-ecr-credential-helper"
    state: present
	
- name: Create docker dir for ECR credential helper
  file:
    path: "/home/ec2-user/.docker"
    state: directory
    owner: ec2-user
    group: ec2-user
    mode: 0700

- name: Deploy config.json for ECR credential helper
  copy:
    src: "docker-ecr-cred-helper-config.json"
    dest: "/home/ec2-user/.docker/config.json"
    owner: ec2-user
    group: ec2-user
    mode: 0600


Credential Helper File contents(docker-ecr-cred-helper-config.json)

{
        "credsStore": "ecr-login"
}

  • linux_wiki/ec2_ecr_credential_helper.txt
  • Last modified: 2019/07/12 02:23
  • by billdozor