What is the proper way to log in to ECR?

Currently, I have this command in my bash script for building & pushing an image to Amazon ECR

docker login -u AWS -p "$(aws ecr get-login-password)" "https://$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.us-east-1.amazonaws.com"

Which gives the warning "WARNING! Using --password via the CLI is insecure. Use --password-stdin."

How can I change this command to not give the warning? Is this really insecure?


Tinkering around this seems to work well:

aws ecr get-login-password | docker login -u AWS --password-stdin "https://$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.us-east-1.amazonaws.com"

$(aws ecr get-login --no-include-email --region cn-northwest-1)

replace cn-northwest-1 as your region.


The recommended way to log in to ECR is to use the command produced by aws ecr get-login.