Logs into Amazon ECR with the local Docker client.
Latest commit 1b7a010 Jan 6, 2020

Amazon ECR "Login" Action for GitHub Actions

Logs in the local Docker client to one or more Amazon ECR registries.

Usage

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: my-ecr-repo
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

    - name: Logout of Amazon ECR
      if: always()
      run: docker logout ${{ steps.login-ecr.outputs.registry }}

See action.yml for the full documentation for this action's inputs and outputs.

Credentials and Region

This action relies on the default behavior of the AWS SDK for JavaScript to determine AWS credentials and region. Use the aws-actions/configure-aws-credentials action to configure the GitHub Actions environment with environment variables containing AWS credentials and your desired region.

We recommend following Amazon IAM best practices for the AWS credentials used in GitHub Actions workflows, including:

  • Do not store credentials in your repository's code. You may use GitHub Actions secrets to store credentials and redact credentials from GitHub Actions workflow logs.
  • Create an individual IAM user with an access key for use in GitHub Actions workflows, preferably one per repository. Do not use the AWS account root user access key.
  • Grant least privilege to the credentials used in GitHub Actions workflows. Grant only the permissions required to perform the actions in your GitHub Actions workflows. See the Permissions section below for the permissions required by this action.
  • Rotate the credentials used in GitHub Actions workflows regularly.
  • Monitor the activity of the credentials used in GitHub Actions workflows.

Permissions

This action requires the following minimum set of permissions:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"GetAuthorizationToken",
         "Effect":"Allow",
         "Action":[
            "ecr:GetAuthorizationToken"
         ],
         "Resource":"*"
      }
   ]
}

Docker commands in your GitHub Actions workflow, like docker pull and docker push, may require additional permissions attached to the credentials used by this action. The following minimum permissions are required for pulling an image from an ECR repository:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"AllowPull",
         "Effect":"Allow",
         "Action":[
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability"
         ],
         "Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
      }
   ]
}

The following minimum permissions are required for pushing and pulling images in an ECR repository:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"AllowPush",
         "Effect":"Allow",
         "Action":[
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
            "ecr:PutImage",
            "ecr:InitiateLayerUpload",
            "ecr:UploadLayerPart",
            "ecr:CompleteLayerUpload"
         ],
         "Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
      }
   ]
}
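
One way to check a policy against the minimum permissions above before attaching it to the credentials used by a workflow. This is an added example, not part of this repository's code; `auditEcrPolicy` and the two sample policies are constructed for illustration.

```javascript
// Added example: audit an IAM policy against the minimum ECR permissions in this README.
// auditEcrPolicy and the sample policies below are hypothetical, constructed for illustration.
const LOGIN = 'ecr:GetAuthorizationToken';
const PULL = ['ecr:GetDownloadUrlForLayer', 'ecr:BatchGetImage', 'ecr:BatchCheckLayerAvailability'];
const PUSH = ['ecr:PutImage', 'ecr:InitiateLayerUpload', 'ecr:UploadLayerPart', 'ecr:CompleteLayerUpload'];
const ALLOWED = new Set([LOGIN, ...PULL, ...PUSH].map((a) => a.toLowerCase()));
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditEcrPolicy(policy) {
  const findings = [];
  for (const stmt of toArray(policy.Statement)) {
    if (stmt.Effect !== 'Allow') continue; // Deny statements only narrow access
    const sid = stmt.Sid || '(no Sid)';
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`${sid}: NotAction/NotResource in an Allow statement grants everything not listed`);
    }
    const resources = toArray(stmt.Resource);
    for (const action of toArray(stmt.Action)) {
      const name = action.toLowerCase(); // IAM action names are case-insensitive
      if (name.includes('*') || name.includes('?')) {
        findings.push(`${sid}: wildcard action "${action}"`);
      } else if (!ALLOWED.has(name)) {
        findings.push(`${sid}: "${action}" is not in the README's minimum set`);
      } else if (name !== LOGIN.toLowerCase() && resources.some((r) => r.includes('*'))) {
        findings.push(`${sid}: "${action}" should be scoped to a single repository ARN`);
      }
    }
  }
  return findings;
}

// Constructed sample: the README's login and push/pull statements combined.
const minimalPush = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'GetAuthorizationToken', Effect: 'Allow', Action: [LOGIN], Resource: '*' },
    { Sid: 'AllowPush', Effect: 'Allow', Action: [...PULL, ...PUSH],
      Resource: 'arn:aws:ecr:us-east-1:123456789012:repository/my-repo' },
  ],
};
// Constructed sample: an over-broad policy with a single (non-array) statement.
const overBroad = {
  Version: '2012-10-17',
  Statement: { Sid: 'TooWide', Effect: 'Allow', Action: ['ecr:*', 'ecr:PutImage', 'ecr:DeleteRepository'], Resource: '*' },
};
console.log(auditEcrPolicy(minimalPush)); // []
console.log(auditEcrPolicy(overBroad));
```

`ecr:GetAuthorizationToken` is the one action left on `"Resource":"*"`, matching the first policy above; every repository-level action is expected to name a repository ARN.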

License Summary

This code is made available under the MIT license.
