Docker – Automatically login on Amazon ECR with Docker Swarm

amazon-ecr amazon-web-services docker docker-swarm

We have Docker images hosted on Amazon ECR and the goal is to run them on EC2 instances using Docker Swarm. The services are configured in global mode so that they are automatically replicated on new nodes. An auto-scaling group can automatically add new EC2 instances to the swarm.

The problem is that Docker cannot pull the images from the ECR registry. Is there a way to tell Docker Swarm to run aws ecr get-login prior to pulling images, or is there a way to be permanently signed in to ECR while still using the IAM role for authentication to ECR?

Running aws ecr get-login at startup of the new nodes doesn't work either.

FYI: I'm not looking for --with-registry-auth, this works great when I manually update the service but not when AWS automatically adds new nodes.

Best Answer

I had the same issue when using Docker Swarm and AWS auto-scaling enabled.

Solution: You need to run the following command periodically on all services.

docker service update -d -q --with-registry-auth service-name

Running aws ecr get-login at node startup won't work.

This blog post describes the issue and provides a complete solution on how to implement auto-login to ECR.

http://issamben.com/docker-swarm-ecr-auto-login/
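
One way to script the periodic refresh described in the answer, as an added example (not code from the post or the linked blog). It assumes a swarm manager with an instance IAM role that allows ecr:GetAuthorizationToken and an AWS CLI that provides get-login-password (the AWS CLI v2 replacement for get-login); ECR_REGISTRY, AWS_REGION and the function names are hypothetical. ECR tokens expire after 12 hours, so schedule it more often than that.

```shell
#!/bin/sh
# Added example: run from cron on a swarm manager, e.g. every 6 hours.
# ECR_REGISTRY and AWS_REGION are operator-set placeholders (assumed names).

# Log the manager in to ECR using the instance's IAM role.
# The token is piped on stdin so it never shows up in the process list.
ecr_login() {
    registry=$1
    region=$2
    aws ecr get-login-password --region "$region" |
        docker login --username AWS --password-stdin "$registry" >/dev/null
}

# Push the fresh credentials to every service whose image lives in ECR,
# so nodes that join later can pull. Prints the number of services updated.
refresh_services() {
    registry=$1
    count=0
    for id in $(docker service ls -q); do
        image=$(docker service inspect \
            --format '{{.Spec.TaskTemplate.ContainerSpec.Image}}' "$id")
        case $image in
            "$registry"/*)
                # Same command as in the answer, applied per service.
                docker service update -d -q --with-registry-auth "$id" >/dev/null
                count=$((count + 1))
                ;;
        esac
    done
    echo "$count"
}

# Only act when the operator has configured a registry.
if [ -n "${ECR_REGISTRY:-}" ]; then
    ecr_login "$ECR_REGISTRY" "${AWS_REGION:?set AWS_REGION}" &&
        refresh_services "$ECR_REGISTRY"
fi
```

Services whose image is not hosted in the given registry are left untouched, so their stored credentials are not overwritten.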
