Logging into ECR

Once you have created a repository for your Docker image, the next step is to build and publish your images to ECR. Before you can do this, you must authenticate with ECR, given at the time of writing ECR is a private service that does not support public access.

The instructions and commands for logging into ECR were displayed as part of the ECR repository wizard, however you can view these instructions any time by selecting an appropriate repository and clicking the View Push Commands button, which will display the various commands required to log in, build, and publish Docker images to the repository.

The first command displayed is the aws ecr get-login command, which will generate a docker login expression that includes temporary authentication token valid for logging into ECR for 12 hours (note the command output has been truncated in the interests of saving space):

> aws ecr get-login --no-include-email
docker login -u AWS -p eyJwYXl2ovSUVQUkJkbGJ5cjQ1YXJkcnNLV29ubVV6TTIxNTk3N1RYNklKdllvanZ1SFJaeUNBYk84NTJ2V2RaVzJUYlk9Iiw
idmVyc2lvbiI6IjIiLCJ0eXBlIjoiREFUQV9LRVkiLCJleHBpcmF0aW9uIjoxNTE4MTIyNTI5fQ== https://385605022855.dkr.ecr.us-east-1.amazonaws.com

The --no-include-email flag is required for Docker versions 17.06 and higher, as the -e Docker CLI email flag was deprecated from this release.

Although you can copy and paste the generated command output in the preceding example, a faster method is to automatically execute the output of the aws ecr get-login command using a bash command substitution by surrounding the command with $(...):

> $(aws ecr get-login --no-include-email)
Login Succeeded