[英]“no basic auth credentials” when trying to pull an image from a private ECR
I have the following line somewhere in the middle of my Dockerfile to retrieve an image from my private ECR. 我在Dockerfile的中间某处有以下行,以从我的私有ECR中检索图像。
FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401
This is the error that I get in AWS Codebuild when trying to build this: 这是我尝试构建此代码时在AWS Codebuild中遇到的错误:
Step 21/36 : FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401 Get https://**********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************/manifests/ff03401: no basic auth credentials
步骤21/36:从**********。dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401获取https ://**********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************/manifests/ff03401:基本认证凭证
How can one provide these credentials in the most secure way, and in a way that can also be terraform
ed? 怎样才能以最安全的方式提供这些凭据,并且还可以采用
terraform
?
There are multiple ways to do it. 有多种方法可以做到这一点。
Using aws access and secret key. 使用aws访问和密钥。 In which you set the aws credentials on the ec2 machine and run ecr login command.
在其中您可以在ec2机器上设置aws凭证并运行ecr login命令。
aws ecr get-login --no-include-email --registry-ids <some-id> --region eu-west-1
and then docker pull should work. aws ecr get-login --no-include-email --registry-ids <some-id> --region eu-west-1
,然后aws ecr get-login --no-include-email --registry-ids <some-id> --region eu-west-1
pull应该可以工作。 But this is not a recommended secure way. 但这不是推荐的安全方法。
What I prefer is using aws iam roles . 我更喜欢使用aws iam角色 。
Assuming you want to pull this image on your ec2 machine that was brought up using terraform. 假设您想将此图像拖到使用terraform生成的ec2机器上。 Make use of iam roles.
利用IAM角色。
This should be enough to automatically pull docker images from ECR in a secure way. 这应该足以以安全的方式自动从ECR中提取docker映像。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.