Scroll to navigation

DOCKER-CREDENTIAL-ECR-LOGIN(1) AMAZON-ECR DOCKER-CREDENTIAL-ECR-LOGIN(1)

NAME

docker-credential-ecr-login - Amazon ECR Credential Helper for Docker

SYNOPSIS

docker-credential-ecr-login COMMAND

docker-credential-ecr-login -v

DESCRIPTION

The Amazon ECR Credential Helper for Docker is a credential helper for the docker(1) command that makes it easier to store and retrieve container images with Amazon Elastic Container Registry.

USAGE

Place the docker-credential-ecr-login binary on your PATH and set the contents of your ~/.docker/config.json to be

{

"credsStore":"ecr-login" }

With Docker 1.13.0 or greater, you can configure Docker to use different credential helpers for different registries. To use this credential helper for a specific ECR registry, create a credsHelper section with the URI of your ECR registry:

{

"credHelpers": {
"public.ecr.aws": "ecr-login",
"aws_account_id.dkr.ecr.region.amazonaws.com": "ecr-login"
} }

Once installed, you may use docker pull and docker push with ECR repositories, without running docker login.

AWS CREDENTIALS

The credential helper reads AWS credentials from standard locations, including environment variables, the shared credentials file (~/.aws/credentials), EC2 instance profiles, and ECS task roles.

To use credentials associated with a different named profile in the shared credentials file, you may set the AWS_PROFILE environment variable.

The credential helper reads and supports some configuration options specified in the shared configuration file (~/.aws/config). To disable these options, you must set the AWS_SDK_LOAD_CONFIG environment variable to false. The supported options include:

Assumed roles specified with role_arn and source_profile
External credential processes specified with credential_process
Web Identities like IAM roles for Service Accounts in Kubernetes


The credentials must have a policy applied that allows access to Amazon ECR. See http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html for more information.

OPTIONS

Print the version and git commit used to build docker-credential-ecr-login

COMMANDS

Retrieve credentials for a specific Amazon ECR registry. The registry should be passed to the credential helper via stdin(3) and results will be printed to stdout(3)
Retrieve the names of each registry currently known to the helper. The helper will cache the names of all requested registries and return them here.
Return the version of the credential helper protocol implemented by this helper
This command is not implemented and is a no-op.
This command is not implemented and is a no-op.

BUGS

Kubernetes users using the credential helper inside containers with a non-root user may encounter permission issues described here: https://github.com/kubernetes-sigs/external-dns/pull/1185. You may be able to work around this bug by adjusting the Kubernetes securityContext.

COPYRIGHT

Copyright 2018-2020 Amazon.com, Inc. or its affiliates. All rights reserved.

LICENSE

Licensed under the Apache License, version 2.0.

2018-10-29 AMAZON-WEB-SERVICES