Amazon container registry login

Since we use AWS for a number of other projects, when it came time to publish private docker images in a repository, I really wanted to use Amazon Elastic Container Registry.
However, the login process seems overly complicated.
Is it correct that the only way to log into the ECR is to use the aws command line tools to generate a 12hour token, and use that with the Docker login command?
Any advice on scripting this process without AWS tools?

  • Does Docker support SO_REUSEPORT for kernel 3.9+?
  • wget (or any connection) inside docker can't connect to servers own ip address
  • Cannot run JHipster docker
  • Docker filling up my SSD with containers when I stop an AWS server?
  • Elastic Beanstalk Docker with Amazon CloudWatch
  • redis connect timeout to remote server in a docker
  • Expose a docker port on Mac Osx to other computer
  • Docker-Machine commands timeout TLS handshake but Dock Swarmer working ok
  • Class 'Google\Protobuf\Internal\Message' not found in “Message.proto”
  • Nexus 3: “Remote Connection Pending…” for docker hub
  • Which capabilities can I drop in a Docker Nginx container?
  • Communicating with a Solr 4.10 container in docker-compose
  • One Solution collect form web for “Amazon container registry login”

    You must use AWS tools to generate a temporary authorization token to be used by Docker CLI since it does not support the standard AWS authentication methods. Quoting the explanation from the official AWS ECR authentication documentation:

    Because the Docker CLI does not support the standard AWS authentication methods, you must authenticate your Docker client another way so that Amazon ECR knows who is requesting to push or pull an image. If you are using the Docker CLI, then use the docker login command to authenticate to an Amazon ECR registry with an authorization token that is provided by Amazon ECR and is valid for 12 hours. The GetAuthorizationToken API operation provides a base64-encoded authorization token that contains a user name (AWS) and a password that you can decode and use in a docker login command. However, a much simpler get-login command (which retrieves the token, decodes it, and converts it to a docker login command for you) is available in the AWS CLI.

    Pay attention that although you must use AWS tools to generate the authentication token, using the AWS CLI is not the only option. You can call the GetAuthorizationToken using any form of the AWS tools which is convenient to use from your scripts.

    The get-login command is available only in the AWS CLI as opposed to other AWS tools. As quoted above, it is claimed to be a simple way to perform the authorization.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.