I'm trying to integrate Amazon's new Elastic Container Registry (ECR) with my Jenkins build service. I'm using the Cloudbees Docker Build & Publish plugin to build container images and publish them to a registry.
To use ECR instead of my private registry, I've ran the AWS CLI command aws --region us-east-1 ecr get-login
which spews a docker login
command to run – but I just copied out the password and created a Jenkins credentials of type "Username with password" from that password (the username is always "AWS").
And that works fine! The problem is that the ECR password generates by the AWS CLI is only valid for 12 hours. So right now, I have to manually regenerate the password twice a day and update the Jenkins credentials screen manually, otherwise my builds start failing.
Is there a way to generate permanent ECR login tokens, or somehow automate the token generation?
Best Answer
This is now possible using amazon-ecr-credential-helper as described in https://aws.amazon.com/blogs/compute/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/.
The short of it is:
{"credsStore": "ecr-login"}