{"id":1086,"date":"2019-05-15T13:23:53","date_gmt":"2019-05-15T10:23:53","guid":{"rendered":"https:\/\/artem.services\/?p=1086"},"modified":"2019-05-15T13:25:46","modified_gmt":"2019-05-15T10:25:46","slug":"docker-ecr-login","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=1086","title":{"rendered":"Docker — ECR login"},"content":{"rendered":"

Elastic Container Registry<\/p>\n

AIM -> Users<\/p>\n

Choose "Programmatic access" -> Next<\/p>\n

Choose "Attach existing policies directly" -> "Create Policy"<\/p>\n

And add next: <\/p>\n

Read all repo:<\/p>\n

\r\n{\r\n    "Version": "2012-10-17",\r\n    "Statement": [\r\n        {\r\n            "Sid": "VisualEditor0",\r\n            "Effect": "Allow",\r\n            "Action": [\r\n                "ecr:GetLifecyclePolicyPreview",\r\n                "ecr:GetDownloadUrlForLayer",\r\n                "ecr:BatchGetImage",\r\n                "ecr:DescribeImages",\r\n                "ecr:DescribeRepositories",\r\n                "ecr:ListTagsForResource",\r\n                "ecr:ListImages",\r\n                "ecr:BatchCheckLayerAvailability",\r\n                "ecr:GetLifecyclePolicy",\r\n                "ecr:GetRepositoryPolicy"\r\n            ],\r\n            "Resource": "*"\r\n        },\r\n        {\r\n            "Sid": "VisualEditor1",\r\n            "Effect": "Allow",\r\n            "Action": "ecr:GetAuthorizationToken",\r\n            "Resource": "*"\r\n        }\r\n    ]\r\n}\r\n<\/pre>\n
############### Read only one repo ##################<\/p>\n
\r\n{\r\n    "Version": "2012-10-17",\r\n    "Statement": [\r\n        {\r\n            "Sid": "VisualEditor0",\r\n            "Effect": "Allow",\r\n            "Action": [\r\n                "ecr:GetLifecyclePolicyPreview",\r\n                "ecr:GetDownloadUrlForLayer",\r\n                "ecr:BatchGetImage",\r\n                "ecr:DescribeImages",\r\n                "ecr:DescribeRepositories",\r\n                "ecr:ListTagsForResource",\r\n                "ecr:ListImages",\r\n                "ecr:BatchCheckLayerAvailability",\r\n                "ecr:GetLifecyclePolicy",\r\n                "ecr:GetRepositoryPolicy"\r\n            ],\r\n            "Resource": "arn:aws:ecr:eu-west-1:111111111111:repository\/artem-repo"\r\n        },\r\n        {\r\n            "Sid": "VisualEditor1",\r\n            "Effect": "Allow",\r\n            "Action": "ecr:GetAuthorizationToken",\r\n            "Resource": "*"\r\n        }\r\n    ]\r\n}\r\n<\/pre>\n
eu-west-1 — region
\n111111111111 — registry ID
\nartem-repo — repository name<\/p>\n
Save "Access key ID" and "Secret access key"<\/p>\n
XXXXXXXXXXXXXXXXXXXX<\/p>\n
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY<\/p>\n
\r\nsudo apt update\r\nsudo apt install make\r\n<\/pre>\n
\u0414\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0448\u0430\u0433\u0430 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d Docker<\/p>\n
\r\ncd \/tmp && git clone https:\/\/github.com\/awslabs\/amazon-ecr-credential-helper.git\r\ncd amazon-ecr-credential-helper && sudo make docker\r\nsudo cp -a bin\/local\/docker-credential-ecr-login \/usr\/bin\/\r\nmkdir ~\/.docker\/\r\nvim ~\/.docker\/config.json\r\n<\/pre>\n
And add next:<\/p>\n
\r\n{\r\n\t"credsStore": "ecr-login"\r\n}\r\n<\/pre>\n
\u0415\u0441\u043b\u0438 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d AWS-Cli<\/p>\n
\r\nsudo apt install awscli\r\naws configure\r\n<\/pre>\n
\u0418 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c "Access key ID" and "Secret access key"<\/p>\n","protected":false},"excerpt":{"rendered":"
Elastic Container Registry AIM -> Users Choose "Programmatic access" -> Next Choose "Attach existing policies directly" -> "Create Policy" And add next: Read all repo: ############### Read only one repo ################## eu-west-1 — region 111111111111 — registry ID artem-repo — repository name Save "Access key ID" and "Secret access key" XXXXXXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY \u0414\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0448\u0430\u0433\u0430 … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "Docker — ECR login"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1086"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1086"}],"version-history":[{"count":3,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1086\/revisions"}],"predecessor-version":[{"id":1089,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1086\/revisions\/1089"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}