This is my Current Setup:
I am now sometimes getting the toomanyrequests error during the docker build phase. So, now I want to login to my docker hub account and get rid of this issue.
How do I go about logging into docker hub account only for the build phase? Should I use the buildspec.yml for logging in? But that would conflict with the AWS ecr login, right?
For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address. For authenticated users, it is 200 pulls per 6 hour period. Users with a paid Docker subscription get up to 5000 pulls per day. If you require a higher number of pulls, you can also purchase an Enhanced Service Account add-on.
All you have to do to avoid Docker's new rate-limit error is authenticate to your Docker Hub account. After you've authenticated to the account, you won't be pulling the image as an anonymous user but as an authenticated user.
This sample builds and runs a Docker image by using AWS CodeBuild and a custom Docker build image ( docker:dind in Docker Hub). To learn how to build a Docker image by using a build image provided by CodeBuild with Docker support instead, see our Docker sample.
That article that Hridiago shared is very helpful.
I have also experienced this issue (It occurred after Docker Hub set limits to the number of unathenticated pulls that could be made per day).
If you have used AWS secrets-manager to store your DockerHub username and password (using key/value pair) your buildspec will look like this (note that my secret is stored as /dockerhub/credentials):
version: 0.2
env:
secrets-manager:
DOCKERHUB_PASS: "/dockerhub/credentials:password"
DOCKERHUB_USERNAME: "/dockerhub/credentials:username"
phases:
install:
commands:
- echo pre_build step...
- docker login --username $DOCKERHUB_USERNAME --password $DOCKERHUB_PASS
- $(aws ecr get-login --no-include-email --region us-east-1)
You will need to ensure that your code build has the correct permissions to access your secrets-manager as mentioned in the article
Julia Cowper's solution should be the accepted answer. Here is the same solution for terraform with codebuild.
resource "aws_codebuild_project" "builder" {
environment = {
environment_variable {
type = "SECRETS_MANAGER"
name = "DOCKERHUB_USER"
value = "[secret-name]:username"
}
environment_variable {
type = "SECRETS_MANAGER"
name = "DOCKERHUB_PASS"
value = "[secret-name]:password"
}
}
}
and you need you secret to look like
{
"username": [username],
"password": [password],
}
then in the buildspec
pre_build:
commands:
- echo Logging in to Docker Hub...
- echo "$DOCKERHUB_PASS" | docker login --username $DOCKERHUB_USER --password-stdin
AWS secret manager for using authenticated requests for docker is good way, syntax is as below:
version: 0.2
env:
shell: bash
secrets-manager:
DOCKERHUB_USERNAME: DockerHubSecret:dockerhub_username
DOCKERHUB_PASSWORD: DockerHubSecret:dockerhub_password
phases:
pre_build:
commands:
- echo logging in docker hub
- docker login --username $DOCKERHUB_USERNAME --password $DOCKERHUB_PASSWORD
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With