What is the proper way to log in to ECR?
Currently, I have this command in my bash script for building & pushing an image to Amazon ECR
docker login -u AWS -p "$(aws ecr get-login-password)" "https://$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.us-east-1.amazonaws.com"
Which gives the warning "WARNING! Using --password via the CLI is insecure. Use --password-stdin."
How can I change this command to not give the warning? Is this really insecure?
Tinkering around this seems to work well:
aws ecr get-login-password | docker login -u AWS --password-stdin "https://$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.us-east-1.amazonaws.com"
$(aws ecr get-login --no-include-email --region cn-northwest-1)
replace cn-northwest-1
as your region.
The recommended way to log in to ECR is to use the command produced by aws ecr get-login
.