The canonical way I've seen to authenticate with an ECR repo (for docker) is to use the aws ecr get-login-password command https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html#registry-auth-token
I am in an environment where I'm unable to install the aws cli command. Does anyone know of a way to generate this password through an API (like HTTP or SDK)? I assume that since it's done via the AWS CLI, there's an API behind it. However I seem to unable to find any guide or documentation for this.
Almost every Amazon document points us to using the CLI or an SDK, however it is possible to make it work with just API calls.
There are two main challenges to making direct API calls:
Signing AWS API requests
As of curl 7.75.0 we have the --aws-sigv4 option to handle this nicely.
It requires a region and service code, as well as a value for the --user arg, where the region and service code need to match the API url, while the values for user depend on your authentication method.
Example:
curl --url 'https://api.ecr.us-east-1.amazonaws.com' --aws-sigv4 "aws:amz:us-east-1:ecr" --user "<user>:<pass>"
ECR public and private endpoints are well documented.
The ECR API docs lack some details
{}'x-amz-target: SpencerFrontendService.<Action>Content-Type: application/x-amz-json-1.1If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With