EC2: ECR Credential Helper
General Information
The Elastic Container Registry credential helper allows you to run docker pull/push commands without needing to login to an ECR from an EC2 instance.
Pre-reqs
- Role: The role attached to your ec2 instance requires appropriate access to the ECR.
- AMI: Amazon Linux 2
Credential Helper Setup
- Enable the Amazon Linux Extras Docker Repo
amazon-linux-extras enable docker
- Install
yum install amazon-ecr-credential-helper
- Create docker dir for ECR credential helper
mkdir ~/.docker
- Create the credential helper config file
vim ~/.docker/config.json { "credsStore": "ecr-login" }
Ansible Tasks Version
These tasks can be included in an Ansible role/playbook
- name: Enable the Amazon Linux Extras Docker Repo command: "amazon-linux-extras enable docker" - name: Install Amazon ECR Credential Helper yum: lock_timeout: 180 name: "amazon-ecr-credential-helper" state: present - name: Create docker dir for ECR credential helper file: path: "/home/ec2-user/.docker" state: directory owner: ec2-user group: ec2-user mode: 0700 - name: Deploy config.json for ECR credential helper copy: src: "docker-ecr-cred-helper-config.json" dest: "/home/ec2-user/.docker/config.json" owner: ec2-user group: ec2-user mode: 0600
Credential Helper File contents(docker-ecr-cred-helper-config.json)
{ "credsStore": "ecr-login" }