Public Repository

Last pushed: a year ago
Short Description
Amazon ECR Docker Credential Helper (mainly for Docker for AWS)
Full Description

Fork of https://hub.docker.com/r/pottava/amazon-ecr-credential-helper/


For Docker for AWS add to CloudFormation template:

Fill in the secrets and add to Mappings:

    "Mappings": {
        "ECRLogin": {
            "registry": {
                "Hostname": "{REGISTRY}"
            }
        },
        ...
    }

Add two resources for the script's IAM user access:

        "ECRAuthAccessKey": {
            "DependsOn": "ECRAuthUser",
            "Properties": {
                "UserName": {
                    "Ref": "ECRAuthUser"
                }
            },
            "Type": "AWS::IAM::AccessKey"
        },
        "ECRAuthUser": {
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "get-authorization-token-only",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Sid": "Stmt1478264874000",
                                    "Effect": "Allow",
                                    "Action": [
                                        "ecr:BatchGetImage",
                                        "ecr:GetAuthorizationToken",
                                        "ecr:GetDownloadUrlForLayer"
                                    ],
                                    "Resource": "*"
                                }
                            ]
                        }
                    }
                ],
                "UserName": {
                    "Fn::Join": [
                        "-",
                        [
                            "ecr-auth",
                            {
                                "Ref": "AWS::StackName"
                            }
                        ]
                    ]
                }

            },
            "Type": "AWS::IAM::User"
        },
        ...

Add to ManagerLaunchConfig (AWS::AutoScaling::LaunchConfiguration resource), UserData:

                "UserData": {
                    "Fn::Base64": {
                        "Fn::Join": [
                            "",
                            [
                                "#!/bin/sh\n",
                                "docker pull artur10clouds/amazon-ecr-credential-helper\n",
                                "cat << EOF > /usr/bin/docker-credential-ecr-login\n",
                                "#!/bin/sh\n",
                                "docker run --rm",
                                " -e METHOD=get ",
                                " -e REGISTRY=", { "Fn::FindInMap": ["ECRLogin", "registry", "Hostname"] },
                                " -e AWS_ACCESS_KEY_ID=", { "Ref": "ECRAuthAccessKey" },
                                " -e AWS_SECRET_ACCESS_KEY=", { "Fn::GetAtt": ["ECRAuthAccessKey", "SecretAccessKey"] },
                                " artur10clouds/amazon-ecr-credential-helper\n",
                                "EOF\n",
                                "chmod +x /usr/bin/docker-credential-ecr-login \n",
                                "\n",
                                "mkdir -p /home/docker/.docker\n",
                                "echo '{\"credsStore\": \"ecr-login\"}' > /home/docker/.docker/config.json \n",
                                "\n",
                                ...

Within the same UserData, mount the docker-credential-ecr-login script into Docker's shell container:

                                "docker run --name=shell-aws ",
                                ...
                                "-v /usr/bin/docker-credential-ecr-login:/usr/bin/docker-credential-ecr-login ",
                                ...
                                "docker4x/shell-aws:$DOCKER_FOR_IAAS_VERSION\n"
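
The UserData above joins the access key id and its secret into a script, and UserData is stored in the launch configuration and readable from the instance metadata service. The check below is an added example, not part of the original repository: it walks a parsed template and flags those references, plus `Allow` statements on `"Resource": "*"`. The `audit` function, the finding labels and the `SAMPLE` template are constructed for this illustration.

```python
# SAMPLE is a constructed, trimmed template mirroring the resources on this page.
SAMPLE = {"Resources": {
    "ECRAuthAccessKey": {"Type": "AWS::IAM::AccessKey", "Properties": {"UserName": {"Ref": "ECRAuthUser"}}},
    "ECRAuthUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{
        "PolicyName": "get-authorization-token-only",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Resource": "*",
            "Action": ["ecr:BatchGetImage", "ecr:GetAuthorizationToken",
                       "ecr:GetDownloadUrlForLayer"]}]}}]}},
    "ManagerLaunchConfig": {"Type": "AWS::AutoScaling::LaunchConfiguration",
        "Properties": {"UserData": {"Fn::Base64": {"Fn::Join": ["", [
            " -e AWS_ACCESS_KEY_ID=", {"Ref": "ECRAuthAccessKey"},
            " -e AWS_SECRET_ACCESS_KEY=", {"Fn::GetAtt": ["ECRAuthAccessKey", "SecretAccessKey"]}]]}}}},
}}

def walk(node):
    """Yield every dict nested anywhere inside a template fragment."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(template):
    """Return sorted (resource, issue, detail) findings for a parsed template."""
    resources = template.get("Resources", {})
    keys = [n for n, r in resources.items() if r.get("Type") == "AWS::IAM::AccessKey"]
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        for d in walk(props.get("UserData", {})):
            # Ref on an AWS::IAM::AccessKey yields the key id, GetAtt the secret.
            if d.get("Ref") in keys:
                findings.append((name, "access-key-id-in-userdata", d["Ref"]))
            for k in keys:
                if d.get("Fn::GetAtt") == [k, "SecretAccessKey"]:
                    findings.append((name, "secret-key-in-userdata", k))
        for policy in props.get("Policies", []):
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
                if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource")):
                    # ecr:GetAuthorizationToken only accepts "*"; flag the rest for review.
                    findings += [(name, "wildcard-resource", a)
                                 for a in as_list(stmt.get("Action", []))
                                 if a != "ecr:GetAuthorizationToken"]
    return sorted(findings)
```

On the sample, `audit(SAMPLE)` reports the two image-read actions granted on `*` and both key references inside `ManagerLaunchConfig`.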

For more information about Docker for AWS: https://beta.docker.com/docs/aws/

Owner
artur10clouds
