"config": {
"helm-values": [
{
"deps": [
{
"depName": "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns",
"currentValue": "v1.8.7",
"datasource": "docker",
"replaceString": "v1.8.7",
"versioning": "docker",
"autoReplaceStringTemplate": "{{newValue}}{{#if newDigest}}@{{newDigest}}{{/if}}",
"updates": [],
"packageName": "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns",
"warnings": [
{
"topic": "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns",
"message": "Failed to look up docker package 602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns"
}
]
}
],
"packageFile": "examples/values.yaml"
}
]
}
At least one of the host rules is working
{
"hostType": "docker",
"matchHost": "602401143452.dkr.ecr",
"username": "AWS",
"password": process.env.RENOVATE_AWS_ECR_PWD
},
{
"hostType": "docker",
"matchHost": "602401143452.dkr.ecr",
"username": "AWS",
"encrypted": {
"password": process.env.RENOVATE_AWS_ECR_PWD
}
},
{
"hostType": "docker",
"matchHost": "602401143452.dkr.ecr",
"username": process.env.AWS_ACCESS_KEY_ID,
"encrypted": {
"password": process.env.AWS_SECRET_ACCESS_KEY
}
}
$ skopeo list-tags docker://602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns
> FATA[0000] Error listing repository tags: fetching tags list: authentication required
$ aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 602401143452.dkr.ecr.eu-west-1.amazonaws.com
> Login Succeeded
$ ECR_PWD=$(aws ecr get-login-password --region eu-west-1)
$ skopeo list-tags --creds AWS:$ECR_PWD docker://602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns
> {
"Repository": "602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns",
"Tags": [
"v1.8.3",
"v1.8.3-eksbuild.1",
"v1.8.7-eksbuild.7-linux_amd64",
"v1.6.9-eksbuild.1",
"v1.7.0-eksbuild.1-linux_amd64",
"v1.7.0-eksbuild.1",
"v1.8.3-eksbuild.1-linux_amd64",
}
# trying to access Amazon specific AWS repository with personal credentials
$ aws ecr list-images --repository-name 602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns --region eu-west-1
$ export AWS_ECR_PWD=$(aws ecr get-login-password --region eu-west-1)
$ curl -u AWS:$AWS_ECR_PWD https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list
$ skopeo list-tags --debug --creds AWS:$ECR_PWD docker://602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns
curl -vks https://602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.3.2
aws ecr get-login-password --region eu-west-1
To use with the Docker CLI, pipe the output of the get-login-password command to the docker login command. When retrieving the password, ensure that you specify the same Region that your Amazon ECR registry exists in.
$ aws ecr get-login-password \
--region eu-west-1 \
| docker login \
--username AWS \
--password-stdin 602401143452.dkr.ecr.eu-west-1.amazonaws.com
AWS_PWD=$(aws ecr get-login-password --region eu-west-1)
AWS_PWD_BASE64=$(echo "AWS:$AWS_PWD" | base64)
AWS_PWD_BASE64=$(echo "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" | base64)
curl https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list -H "Authorization: Basic $AWS_PWD_BASE64"
curl https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list -H "Authorization: Bearer $AWS_DOCKER_TOKEN"
aws ecr get-authorization-token --region us-east-1 --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2
# not working
curl https://AWS:$AWS_DOCKER_TOKEN@602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list
curl https://AWS:$AWS_PWD@602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list
curl https://$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY@602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list
TOKEN=$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' --region eu-west-1)
curl -i -H "Authorization: Basic $TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/amazonlinux/tags/list
curl -i -H "Authorization: Bearer $TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/amazonlinux/tags/list
curl -i -H "Authorization: Basic $TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/library/eks/coredns/tags/list
curl -i -H "Authorization: Basic $TOKEN" 'https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/token'
curl --url 'https://api.ecr.eu-west-1.amazonaws.com' --aws-sigv4 "aws:amz:eu-west-1:ecr" --user "AWS:$AWS_PWD"
$ aws ecr-public get-login-password \
--region eu-west-1 | helm registry login \
--username AWS \
--password-stdin public.ecr.aws
$ curl -k https://public.ecr.aws/token/ | jq -r '.token'
$ curl -k https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/token/ | jq -r '.token'
aws ecr describe-images --repository-name eks/coredns --registry-id 602401143452 --region eu-west-1
curl -v -k -u AWS:$AWS_PWD https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/token
curl -v -k -u AWS:$AWS_PWD https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/users/login?refresh_token=true
curl -v -k -u AWS:$AWS_PWS https:// ... /v2/token
curl -H "Authorization: Bearer $AWS_PWD" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/coredns/manifests/latest
USERNAME="AWS"
REGISTRY_URL="602401143452.dkr.ecr.eu-west-1.amazonaws.com"
AWS_DOCKER_LOGIN_TOKEN=$(security find-internet-password -w -s "$REGISTRY_URL" -a "AWS")
curl -u "${USERNAME}:${AWS_DOCKER_LOGIN_TOKEN}" "https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/coredns/tags/list"
curl -v -H "Authorization: Bearer $AWS_DOCKER_LOGIN_TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/coredns/manifests/latest
curl -v -H "Authorization: Bearer $AWS_DOCKER_LOGIN_TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/coredns/tags/list
curl -v -H "Authorization: Bearer $AWS_DOCKER_LOGIN_TOKEN" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/coredns/tags/list
AUTH=$(echo "AWS:$AWS_PWD" | base64 | tr -d "\n")
# only for username AWS
USER="AWS"
AWS_PWD=$(aws ecr get-login-password --region eu-west-1)
BASIC_AUTH=$(echo "$USER:$AWS_PWD" | base64 | tr -d "\n")
curl -H "Authorization: Basic $BASIC_AUTH" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/coredns/tags/list | jq
curl -H "Authorization: Basic $BASIC_AUTH" https://602401143452.dkr.ecr.eu-west-1.amazonaws.com/v2/eks/kube-proxy/tags/list | jq
- Issue-19241
- Issue-16912
- Issue-11000
- Issue-11322 use instance profile
- issue-3800 Renovate fails to get Docker tags from AWS ECR
- issue-6885 ECR repository behind friendly URL throws errors
- Renovate manager
- Renovate home sources
- ECR content discovery
- Public ECR gallery
- Renovate connect to AWS ECR registry
- Authenticate to AWS REgistry
- Amazon Container Image Registries
- AWS CLI public registries
- Docker API
- AWS ECR public registries
- AWS Endpoints
- AWS get login password