Can't pull images from AWS ECR repository

The ami used for manager/worker nodes doesn’t have the AWS CLI installed, or any way to install it (feel free to enlighted me if you know otherwise) , so I am unable to pull images stored in AWS ECS repositories as the ‘aws ecr get-login’ command is not available.

You can install it (assuming it’s one of the AWS linux variants) like this:

sudo yum update -y
sudo yum install -y awscli

Thanks for the suggestion, but the Cloudformation stack template deploys a Docker specific AMI (Moby Linux aws-v1.13.0-rc4-beta14 (ami-37bf9f44)) which has none of the usual package managers (yum, apt, dnf), python or the AWS CLI installed. The default SSH connection also appears to be containerized as well just to restrict things further.

Per the documentation on accessing the Manager remotely you can do this locally:

ssh -i aws-host-key-file -NL localhost:2374:/var/run/docker.sock docker@<docker-manager-public-ip> &

Then i used my local aws install:
aws ecr get-login --region us-east-1

And modified there response to include the -H localhost:2374, like so:
docker -H localhost:2374 login -u AWS -p <token> -e none https://<registry-url>

Then you can create a stack like so that works with ECS included in the yaml:
docker -H localhost:2374 stack deploy --compose-file stack.yml --with-registry-auth <service-name>

This allowed me to create new stacks or services with ECR. What I don’t know is if scheduling will continue to work after the token has expired.

1 Like

What “documentation” are you referring here? Trying to figure this out on my end and any information on remotely connecting to a swarm provisioned with Docker for AWS would be appreciated.

The documentation is here:

1 Like

Hey @ambrons, thank you so much, for this response it help me, but do you know if your warning comes true

What I don’t know is if scheduling will continue to work after the token has expired.

I mean after 12 hours (the time the token lives all turn down)