Using AWS ECR with portainer push/pull images not working

Question

I'm having trouble getting portainer to work properly with AWS ECR. I got my images up and running on ECR, if I run my docker-compose with the command line via SSH it's working as expected. If i do a simple docker pull {myid}.dkr.ecr.eu-west-1.amazonaws.com/{repository} it's working also.

But if i try to go to the same image via the portainer GUI and hit pull/push i always got this message:

My repository settings: At least with portainer i can have a good overview of my running container and available images, but it's a shame that, so far, i can't update them with the GUI. Usually when making an update, i push (from my local computer) and then in portainer i re-create the container and specify to pull the new image. Of course, as of now, i can't with the failing pull..

When using docker "cli" i can do whatever i want, push, pull and my docker-compose which is using my ECR images can run without issue.

Thanks in advance.

Unfortunatly nope, i'm using aws cli to do that with my npm tasks. If interested i added the solution in my post. — Slade, Oct 31 '20 at 16:45

score 1 · Answer 1 · answered Dec 11 '20 at 15:50

I solved this problem by creating a cronjob on the server that runs the login script for the AWS ECR Repository (explained here) every 30 minutes or so. This way you don't need to add the registry in portainer.

You could retrieve the password throgh AWS CLI explained here and use this to login with portainer. But the reason this is a bad idea is because AWS resets the password twice a day so the login would only be valid for 12 hours.

score 0 · Answer 2 · answered Oct 31 '20 at 16:46

Unfortunatly nope, i'm using aws cli to do that with my npm tasks. If interested here it is: `

  "publish": "npm run _docker:build && npm run _aws:auth && npm run _aws:tag && npm run _aws:push && npm run _docker:prune",
  "_docker:build": "docker build -t *yourImageName* .",
  "_aws:auth": "aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin *yourID*.dkr.ecr.eu-west-1.amazonaws.com",
  "_aws:tag": "docker tag *yourImageName:latest* yourID.dkr.ecr.eu-west-1.amazonaws.com/*yourImageName*:latest",
  "_aws:push": "docker push *yourID*.dkr.ecr.eu-west-1.amazonaws.com/*yourImageNam*e:latest",
  "_docker:prune": "docker image prune -f"

`

score 0 · Answer 3 · answered Aug 29 '22 at 16:58

after signifact amount of time, seems I solved this one. The issue was in internal portainer overlay network conflicting with subnetwork on EC2 instances. So, internal docker DNS was overlayed by Subnet CIDR. I had CIDR 10.0.1.0/24 on AWS and seems like docker also uses it. After recreating subnet with the new CIDR like 192.168.1.0/20 everything works!

Using AWS ECR with portainer push/pull images not working

3 Answers3