Amazon ECR’s credential helper now supports Amazon ECR Public

amazon-ecr-credential-helper is a credential helper for the Docker daemon that makes it easier to use Amazon Elastic Container Registry (ECR). Once configured, ECR credential helper automatically uses the same credentials as the AWS CLI and the AWS SDKs to first retrieve an ECR authentication token for secure access to repositories, then lets the Docker daemon use this token when familiar Docker commands such as docker push or docker pull are used. This means that developers or build scripts using the Docker CLI no longer have to explicitly use the ECR API to retrieve a secure token, nor call docker login with this token before pushing or pulling container images.

Amazon ECR Public and the Amazon ECR Public Gallery let developers store, manage, share, and deploy container images and artifacts to anyone in the world with or without an AWS account. Announced in December 2020, ECR Public is a highly available public registry that is used millions of times each week by developers to download images. Anyone who pulls images anonymously from non-AWS computing resources gets 500 GB of free data bandwidth each month after which they can sign up for or sign in to an AWS account to continue. Then, simply authenticating with this account increases free data bandwidth to a generous 5 TB each month when pulling images. Learn more about its pricing here.

Making it even easier to use ECR Public, ECR credential helper version 0.5.0 now supports authenticating over the ECR Public API using an AWS account. After signing up or signing into an AWS account, any developer or CI/CD system can now use ECR credential helper to automatically get a secure ECR Public token to use with docker push and docker pull commands. Using the ECR credential helper when pulling from ECR Public allows developers to easily increase their free bandwidth allowance 10x when downloading publicly shared container images. Build scripts and CI/CD systems can now push and pull images to the ECR Public registry without needing to refresh tokens, just like the simple Docker CLI experience. Visit the ECR credential helper GitHub readme to get started, and we welcome your feedback and pull requests.

Omar Paul

Omar Paul

Omar is a Product Manager in the AWS container services team. He focuses on all things container registry. Before AWS, Omar worked at API startups in Austin, TX and also spent a lot of time in the Washington DC area, going to GWU and working in telecom. He thinks AWS is like thousands of startups with a common set of principles.