Efficient and Secure Integration of Jeninks with ECR

  • AWS CLI
  • AWS ROLE
  • AWS ECR Plugin
aws ecr get-login
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Resource": "*"
}
]
}
git clone https://github.com/awslabs/amazon-ecr-credential-helper.gitcd amazon-ecr-credential-helper/make docker
mkdir -p bin
docker run --rm \
-e TARGET_GOOS= \
-e TARGET_GOARCH= \
-v '/root/amazon-ecr-credential-helper/bin':/go/src/github.com/awslabs/amazon-ecr-credential-helper/bin \
sha256:f40028122007c4597897a7950d160497ee9963827ac218cc9e37176a21f65b25
./scripts/build_binary.sh ./bin/local 0.5.0 c5b4d8f
go: downloading github.com/aws/aws-sdk-go v1.38.44
go: downloading github.com/docker/docker-credential-helpers v0.6.3
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/pkg/errors v0.9.1
go: extracting github.com/pkg/errors v0.9.1
go: extracting github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/sirupsen/logrus v1.4.2
go: extracting github.com/sirupsen/logrus v1.4.2
go: downloading golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: extracting github.com/docker/docker-credential-helpers v0.6.3
go: extracting golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: extracting github.com/aws/aws-sdk-go v1.38.44
go: downloading github.com/jmespath/go-jmespath v0.4.0
go: extracting github.com/jmespath/go-jmespath v0.4.0
go: finding github.com/docker/docker-credential-helpers v0.6.3
go: finding github.com/mitchellh/go-homedir v1.1.0
go: finding github.com/aws/aws-sdk-go v1.38.44
go: finding github.com/sirupsen/logrus v1.4.2
go: finding golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: finding github.com/jmespath/go-jmespath v0.4.0
go: finding github.com/pkg/errors v0.9.1
Built ecr-login
[root@ip-10-0-0-216 amazon-ecr-credential-helper]# cd bin/local/
[root@ip-10-0-0-216 local]# ls
docker-credential-ecr-login
vim /var/lib/jenkins/.docker/config.json.
{
"credsStore": "ecr-login"
}
docker push ${AWS_ECR_REPO}/${REPO_NAME}:${currentBuild.number}docker pull ${AWS_ECR_REPO}/${REPO_NAME}:${currentBuild.number}

--

--

--

DevOps Engineer with 10+ years of experience in the IT Industry. In-depth experience in building highly complex, scalable, secure and distributed systems.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Understanding Computer System Design Fundamentals

Organizing News and Sentiments into MySQL Database

CS373 Spring 2021 Final Blog: Regina Chen

THIRD BLOG OF DSA:

Introducing Ambassador Cloud Developer Edition

Let us get started with Continuous Integration in 5 minutes

Secure Groovy Script Execution in a Sandbox

[RO Update] April Newsletter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ankur

Ankur

DevOps Engineer with 10+ years of experience in the IT Industry. In-depth experience in building highly complex, scalable, secure and distributed systems.

More from Medium

How to Render a K8s Pod Unavailable With Readiness Probes

Using Logstash to scan inside event contents to replace sensitive data with a consistent hash

Deploying web applications on AWS using Terraform

Simplify your IBM Cloud Pak component instance certificates management with IBM Cloud Pak…