Using Private image from ECR

icylisper · August 24, 2017, 5:37pm

Hi,
How do I pull a private image from ECR ?
Am using below config.

version: 2
jobs:
  unit_test:
    docker:
      - image: ${ECR}/foo:latest
       - auth:
              username: xx
              password: xx

The username and password are not static and they expire every 12hrs on ECR, I believe.
Using remote-docker engine, am able to pull the repo.
However, need the private container to run in the primary environment.
Is there a way to get the creds dynamically, such as running a script prior to pulling the image from ECR?

fvanderwerf · September 1, 2017, 9:07am

The aws ecr credential may help here. It deals with providing docker with proper credentials when pulling from ECR.

https://github.com/awslabs/amazon-ecr-credential-helper.

Regards,
Fabian

kenden · September 1, 2017, 9:53am

Interesting. Could you confirm if it is possible to use a private image?

kidbrax · September 1, 2017, 12:50pm

Nice, this is basically what I had planned to do. However, it would still require a way to run commands before you designate the image, which it seems is not possible.

fvanderwerf · September 1, 2017, 1:07pm

I haven’t tried this together with circleci myself, but I figure that If you bake the credential helper into the build image together with the credHelpers configuration, then you only need to configure circleci to provide the aws credentials. In that setup, I don’t think you don’t need to run any commands. docker pull will run without docker login.

fvanderwerf · September 1, 2017, 1:07pm

Yes, you can pull private images if your aws creds provides access to those.

kidbrax · September 1, 2017, 4:41pm

Right, but I would like my build image to come from ECR.

FelicianoTech · September 11, 2017, 9:02pm

We’ve launched support for this feature: https://circleci.com/blog/aws-ecr-auth-support/

icylisper · September 11, 2017, 11:14pm

This does not seem to work with the circleci local-jobs CLI tool. Is that expected to work ?

FelicianoTech · September 12, 2017, 1:47am

I’m not 100% sure but I don’t see why it wouldn’t.

Can you confirm if you’re using the latest version? My output when I run circleci version is:

circleci-builder version: 0.0.2681-e73f80d
Build Agent version: 0.0.4144-c29356c
built: 2017-09-12T00:28:57+0000

icylisper · September 12, 2017, 2:09am

circleci version: 0.0.4141-1bd195a
Build Agent version: 0.0.4142-1bd195a
built: 2017-09-11T09:57:00+0000

FelicianoTech · September 12, 2017, 2:28am

Okay so try updating with circleci update and try again. If you’re still having an issue, I will investigate this further.

icylisper · September 13, 2017, 3:23pm

It works with the updated client. Thanks!

FelicianoTech · September 13, 2017, 5:29pm

Awesome. I’m happy to hear that.

Topic		Replies	Views
Is there a way to do pre: or similar at the docker: stage? for ECR? Build Environment ecr , docker	13	3835	June 18, 2018
Use ECS repository image as build image in CircleCI Build Environment docker , circle-yml , 2.0	1	1200	June 18, 2018
How do I pass AWS session token to aws_auth: for pulling docker images from AWS ECR? Build Environment	7	1053	February 27, 2023
Docker AWS ECR auth with oidc role doesn't seem to be working Build Environment ecr , docker , auth	7	1006	November 14, 2024
Use context var for custom docker image repo Build Environment	0	608	November 29, 2021

Using Private image from ECR

Related topics