How to connect to AWS ECR using python docker-py
Complete code example that works:
#!/usr/bin/env python3 import base64, docker, boto3 docker_client = docker.from_env(version='1.24') ecr_client = boto3.client('ecr', region_name='eu-west-1') token = ecr_client.get_authorization_token() username, password = base64.b64decode(token['authorizationData']['authorizationToken']).decode().split(':') registry = token['authorizationData']['proxyEndpoint'] docker_client.login(username, password, registry=registry)
And of course you should have your AWS credentials set up first, e.g.:
export AWS_ACCESS_KEY_ID=youraccesskey export AWS_SECRET_ACCESS_KEY=yoursecretaccesskey
I have faced the same problem, you have to:
decode from base64
convert from byte to string
separate the login 'AWS'
password = (base64.b64decode(response['authorizationData']['authorizationToken'])).decode("utf-8").split(':')[-1]
dockerClient refuses the connection with "bad username or password"
The signature of the function you are calling to login is:
def login(self, username, password=None, email=None, registry=None, reauth=False, insecure_registry=False, dockercfg_path=None):
Note the position of the
registry parameter. It is fourth in the list. So your call of:
regClient = dockerClient.login(username, password, registry)
Is passing your
registry as the
regClient = dockerClient.login(username, password, registry=registry)
Python or shell?
Is the the right direction or should I be trying to implement this entirely with shell scripts? (Python has been especially valuable for the boto calls to describe what is in each registry)
Go with the Python.