6

I have an ECS service which needs to pull an image from https://ghcr.io via a PAT token. Is this possible at all? Is there any way to authenticate to the GitHub container registry?

Thank you for the assistance!

BR,

Martin

user3450687
  • 1
    Check this [article](https://aws.amazon.com/ru/blogs/containers/authenticating-with-docker-hub-for-aws-container-services/). I'm pretty sure that the `ghcr.io` authentication process is the same as `docker hub` – rzlvmp Feb 17 '22 at 07:40

1 Answer

8

Yes, it's possible. The article linked in the comment to the question shows how it is done, as does the AWS documentation.

The article covers everything you need to do, at a high level:

  • Create a PAT token for a GitHub user that has at least 'read' access to the required repo.
  • Create an AWS SecretsManager secret containing credentials, in the format `{ "username":"<gh-username>", "password":"<PAT-token>" }`
  • Grant the TaskExecutionRole (not TaskRole) access to this secret - it's the execution role that requires access to pull the image.
  • Set the `repository_credentials` property of the container definition to the ARN of the secret containing credentials.
Fermin
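
The steps above, as an added example that is not part of the original answer: it builds the secret body, a policy for the execution role scoped to that one secret, and the task definition, then audits the combination for the usual mistakes. ECS task-definition JSON spells the property `repositoryCredentials`, with `credentialsParameter` holding the secret ARN. The ARNs, account id and names are constructed placeholders, and the audit assumes every `ghcr.io` image in the task is private.

```python
import json

# Constructed placeholders (assumptions): account id, region, names and ARNs are not from the page.
SECRET_ARN = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:ghcr-pull-EXAMPLE"
EXEC_ROLE_ARN = "arn:aws:iam::111122223333:role/example-task-execution-role"

def secret_string(username, pat):
    """SecretString body in the username/password format the answer describes."""
    return json.dumps({"username": username, "password": pat})

def execution_role_policy(secret_arn):
    """Inline policy for the task execution role, scoped to the one secret."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": [secret_arn]}]}

def task_definition(image, secret_arn, exec_role_arn):
    """Minimal task definition fragment in the JSON shape ECS registers."""
    return {"family": "example-app", "executionRoleArn": exec_role_arn,
            "containerDefinitions": [{
                "name": "app", "image": image, "essential": True,
                "repositoryCredentials": {"credentialsParameter": secret_arn}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(task_def, exec_policy):
    """List problems that break the ghcr.io pull or over-grant secret access.
    Matches action and resource strings exactly; wildcard actions are not expanded."""
    problems, readable = [], set()
    if not task_def.get("executionRoleArn"):
        problems.append("task definition has no executionRoleArn")
    for stmt in exec_policy.get("Statement", []):
        if (stmt.get("Effect") == "Allow"
                and "secretsmanager:GetSecretValue" in _as_list(stmt.get("Action", []))):
            readable.update(_as_list(stmt.get("Resource", [])))
    if "*" in readable:
        problems.append("execution role can read every secret (Resource '*')")
    for c in task_def.get("containerDefinitions", []):
        if not c.get("image", "").startswith("ghcr.io/"):
            continue
        arn = c.get("repositoryCredentials", {}).get("credentialsParameter")
        if not arn:
            problems.append(f"{c['name']}: ghcr.io image without repositoryCredentials")
        elif arn not in readable and "*" not in readable:
            problems.append(f"{c['name']}: execution role cannot read {arn}")
    return problems
```

If the secret is encrypted with a customer-managed KMS key, the execution role also needs `kms:Decrypt` on that key, which this audit does not check.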