How to connect to AWS ECR using python docker-py

Solution 1:

Login Fail

dockerClient refuses the connection with "bad username or password"

The signature of the function you are calling to login is:

def login(self, username, password=None, email=None, registry=None,
          reauth=False, insecure_registry=False, dockercfg_path=None):

Note the position of the registry parameter. It is fourth in the list. So your call of:

regClient = dockerClient.login(username, password, registry)

Is passing your registry as the email since email is the third parameter. Suggest you change to something like:

regClient = dockerClient.login(username, password, registry=registry)

Python or shell?

Is the the right direction or should I be trying to implement this entirely with shell scripts? (Python has been especially valuable for the boto calls to describe what is in each registry)

Go with the Python.

Solution 2:

Complete code example that works:

#!/usr/bin/env python3
import base64, docker, boto3

docker_client = docker.from_env(version='1.24')
ecr_client = boto3.client('ecr', region_name='eu-west-1')

token = ecr_client.get_authorization_token()
username, password = base64.b64decode(token['authorizationData'][0]['authorizationToken']).decode().split(':')
registry = token['authorizationData'][0]['proxyEndpoint']

docker_client.login(username, password, registry=registry)

And of course you should have your AWS credentials set up first, e.g.:

export AWS_ACCESS_KEY_ID=youraccesskey
export AWS_SECRET_ACCESS_KEY=yoursecretaccesskey

Solution 3:

I have faced the same problem, you have to:

1. decode from base64

2. convert from byte to string

3. separate the login 'AWS'

    password = (base64.b64decode(response['authorizationData'][0]['authorizationToken'])).decode("utf-8").split(':')[-1]