Method 1: Temporary AWS CLI Authentication
aws ecr get-login-password --region ap-southeast-1 | \
docker login --username AWS --password-stdin YOUR_ACCOUNT_ID.dkr.ecr.ap-southeast-1.amazonaws.com
Method 2: Persistent Credential Helper with amazon-ecr-credential-helper
-
Setup IAM Permissions, create an IAM user with the
AmazonEC2ContainerRegistryPullOnly
ECR Read-Only Policy
-
Configure AWS credentials at
~/.aws/credentials
[default]
aws_access_key_id = AKxxx
aws_secret_access_key = O3xxx
- Configure
~/.docker/config.json
{
"credHelpers": {
"123456789012.dkr.ecr.ap-southeast-1.amazonaws.com": "ecr-login"
},
"auths": {
"ghcr.io": {
"auth": "your_github_token"
},
"registry.gitlab.com": {
"auth": "your_gitlab_token"
}
}
}
-
Pull image
docker pull 123456789012.dkr.ecr.ap-southeast-1.amazonaws.com/your-repo:tag -
To test your ECR credential, you can use
docker-credential-ecr-login list
Docker Credentials Test