This is how the password from aws ecr
is piped to podman
; using AWS CLI. BTW, the username AWS
is hardwired and so never needs to be changed:
$ aws ecr get-login-password --region us-east-1 | \
podman login \
--username AWS \
--password-stdin \
<aws_account_id>.dkr.ecr.<region>.amazonaws.com
Podman will use the IAM credentials for the dev
profile in ~/.aws/credentials
to log into that AWS account:
[default]
aws_access_key_id = ********************
aws_secret_access_key = ****************************************
region = us-east-1
[dev]
aws_access_key_id = ********************
aws_secret_access_key = ****************************************
region = us-east-1
This is how real values can be looked up for profile dev
:
$ export AWS_PROFILE=dev
$ AWS_ACCOUNT="$( aws sts get-caller-identity \
--query Account \
--output text
)"
$ AWS_REGION="$( aws configure get region )"
$ aws ecr get-login-password \
--region $AWS_REGION | \
podman login \
--password-stdin \
--username AWS \
$AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com
The above is from my blog post on the subject.