Using Private image from ECR

Hi,
How do I pull a private image from ECR ?
Am using below config.

version: 2
jobs:
  unit_test:
    docker:
      - image: ${ECR}/foo:latest
       - auth:
              username: xx
              password: xx

The username and password are not static and they expire every 12hrs on ECR, I believe.
Using remote-docker engine, am able to pull the repo.
However, need the private container to run in the primary environment.
Is there a way to get the creds dynamically, such as running a script prior to pulling the image from ECR?

2 Likes

The aws ecr credential may help here. It deals with providing docker with proper credentials when pulling from ECR.

https://github.com/awslabs/amazon-ecr-credential-helper.

Regards,
Fabian

Interesting. Could you confirm if it is possible to use a private image?

Nice, this is basically what I had planned to do. However, it would still require a way to run commands before you designate the image, which it seems is not possible.

I haven’t tried this together with circleci myself, but I figure that If you bake the credential helper into the build image together with the credHelpers configuration, then you only need to configure circleci to provide the aws credentials. In that setup, I don’t think you don’t need to run any commands. docker pull will run without docker login.

Yes, you can pull private images if your aws creds provides access to those.

Right, but I would like my build image to come from ECR.

We’ve launched support for this feature: https://circleci.com/blog/aws-ecr-auth-support/

This does not seem to work with the circleci local-jobs CLI tool. Is that expected to work ?

I’m not 100% sure but I don’t see why it wouldn’t.

Can you confirm if you’re using the latest version? My output when I run circleci version is:

circleci-builder version: 0.0.2681-e73f80d
Build Agent version: 0.0.4144-c29356c
built: 2017-09-12T00:28:57+0000

circleci version: 0.0.4141-1bd195a
Build Agent version: 0.0.4142-1bd195a
built: 2017-09-11T09:57:00+0000

Okay so try updating with circleci update and try again. If you’re still having an issue, I will investigate this further.

It works with the updated client. Thanks!

1 Like

Awesome. I’m happy to hear that. :wink: