Docker Community Forums

Share and learn in the Docker community.

AWS login authentication after expiry of 12 hours

I have docker swarm cluster of 5 nodes (3 Manager and 2 worker nodes).Deploying images from AWS ECR registry. Before starting services authenticating Docker with ECR using command "aws ecr get-login -" on all the Swarm nodes

As the login token is valid only for 12 hours. To run the updated images after expiry of 12 hours am I required run "aws ecr get-login -" on all the Swarm nodes or only Leader node since docker service create is run only from Leader ?

The ECR auth token is not required for running your container but rather for pulling the image from the registry prior to running it. Therefore you will need access to a valid auth token on all nodes that interact with the registry whether they are leaders or workers. The easiest way to achieve that is to configure the ECR credentials helper on each node which will take care of renewing the token when it expires.