Using ECR as a Private Image Registry #5873
-
I've read this page (https://docs.github.com/en/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry#common-image-registry-servers) several times and gotten Docker Hub working correctly, but I cannot get ECR working. I've created several users and IAM credentials using full access to ECR and still cannot get the image to be read in via Docker or a service via Can someone confirm that values for each? For example, the docs say the server should be in the format of
-
I don't believe that AWS ECR supports using the Access Key ID/secret key paradigm; I think you have to generate a short-lived authorization token and refresh it (per their docs). We are planning on offering a secrets API (like what Actions provides) to enable you to programmatically refresh that token.
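What the short-lived token mentioned in the reply above looks like to a registry client, as an added example that is not part of this thread or of Codespaces' own code. It assumes one `authorizationData` entry shaped like the ECR `GetAuthorizationToken` response as boto3 returns it (`expiresAt` as a datetime); the function name, the 30-minute refresh margin, and all sample values are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse


def docker_login_from_ecr(auth_data, now, refresh_margin=timedelta(minutes=30)):
    """Turn one ECR authorizationData entry into registry login parameters."""
    # The token is base64("AWS:<password>"); it is not the IAM secret key.
    decoded = base64.b64decode(auth_data["authorizationToken"], validate=True)
    username, sep, password = decoded.decode("utf-8").partition(":")
    if sep != ":" or username != "AWS" or not password:
        raise ValueError("unexpected ECR token layout")

    expires_at = auth_data["expiresAt"]
    if expires_at <= now:
        raise ValueError("ECR token already expired; request a new one")

    refresh_at = expires_at - refresh_margin
    return {
        # Registry clients want the bare host, not the https:// endpoint.
        "server": urlparse(auth_data["proxyEndpoint"]).hostname,
        "username": username,
        "password": password,
        "refresh_at": refresh_at,
        "needs_refresh": now >= refresh_at,
    }


# Constructed sample: placeholder account ID, fake password, 12-hour lifetime.
ISSUED = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
SAMPLE = {
    "authorizationToken": base64.b64encode(
        b"AWS:constructed-not-a-real-password"
    ).decode(),
    "expiresAt": ISSUED + timedelta(hours=12),
    "proxyEndpoint": "https://123456789012.dkr.ecr.us-east-1.amazonaws.com",
}

if __name__ == "__main__":
    login = docker_login_from_ecr(SAMPLE, ISSUED)
    # Never log the password itself; show only the non-secret fields.
    print(login["server"], login["username"], login["refresh_at"].isoformat())
```

The decoded password should be passed to the registry client over stdin or a secret store rather than on a command line, and the refresh has to run before `refresh_at` for pulls to keep working.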
-
So @asciimike are you saying that the feature on this page with regard to ECR a) does not work or b) will if I or Codespaces does something different? My expectation was that given the key and secret I provided, Codespaces would have done the API calls needed to do the ECR login. For example, we use this GitHub Action (https://github.com/marketplace/actions/docker-login#aws-elastic-container-registry-ecr) and we already did the work to make sure the key/secret has IAM permissions to do In fact, I think we recently had to fix a bug where we had to add that
-
@metaskills I have a near term workaround that takes advantage of See https://github.com/chuxel/codespaces-ecr There are slightly different secret names you set, and you can customize the names of the secrets in the event you need more than one across repos, etc. We need to get first class support in place here, but I think this should unblock you. /cc: @asciimike
-
Per all the discussion here, we've solved this in a more elegant way which allows you to provide an access key ID and secret. The docs have been updated accordingly: https://docs.github.com/en/codespaces/codespaces-reference/allowing-your-codespace-to-access-a-private-image-registry#accessing-aws-elastic-container-registry