9

Good morning/afternoon/night! Can you help me, please?

I'm working with RHEL 8.2 and this version doesn't support Docker. I installled Podman and everything was ok until I use the following command:

$(aws ecr get-login --no-include-email --region us-east-1)

But, it doesn't work because it's from Docker (I thought it was from AWS Cli).

The error is:

# $(aws ecr get-login --no-include-email --region us-east-1)
-bash: docker: command not found

I've been searching for an answer and some people used a command like this:

podman login -u AWS -p ....

But I tried some flags and the image, but nothing is working!

What is the equivalent command for podman?

Thanks!

Improve this question

2 Answers 2

Reset to default
14

The above command is not associated to docker alone.

It is an AWS cli command to authenticate into the private container image registry(ECR).

Run the below command to get the password for container registry

aws ecr get-login-password --region us-east-1 | podman login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
Improve this answer
4
  • 1
    The accepted answer cannot work because podman --password-stdin means "read the password from stdin". This answer was copied incorrectly from github.com/vumdao/…. The 2 commands should have been connected via a pipe
    – Mike Slinn
    Commented May 4, 2021 at 5:01
  • 4
    Yes! Today, I'm using like this: aws ecr get-login-password --region us-east-1 | podman login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
    – MauTOz
    Commented Jun 20, 2021 at 13:33
  • Downvoted for presenting what was clearly intended to be a single command as two separate commands...
    – jmjohnson85
    Commented Sep 7, 2023 at 15:15
  • 1
    The token from ecr get-login-password is region-specific, so the AWS region for aws ecr get-login-password ... and the ECR URI must macht. I try to adpat the response above.
    – Konstantin A. Magg
    Commented Jan 10 at 10:37
8

This is how the password from aws ecr is piped to podman using AWS CLI. BTW, the username AWS is hardwired and so never needs to be changed:

$ aws ecr get-login-password --region us-east-1 | \
  podman login \
    --username AWS \
    --password-stdin \
    <aws_account_id>.dkr.ecr.<region>.amazonaws.com

Podman will use the IAM credentials for the dev profile in ~/.aws/credentials to log into that AWS account:

[default]
aws_access_key_id = ********************
aws_secret_access_key = ****************************************
region = us-east-1

[dev]
aws_access_key_id = ********************
aws_secret_access_key = ****************************************
region = us-east-1

This is how real values can be looked up for profile dev:

$ export AWS_PROFILE=dev

$ AWS_ACCOUNT="$( aws sts get-caller-identity \
  --query Account \
  --output text
)"

$ AWS_REGION="$( aws configure get region )"

$ aws ecr get-login-password \
    --region $AWS_REGION | \
  podman login \
    --password-stdin \
    --username AWS \
    $AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com

The above is from my blog post on the subject.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.