gistfile1.txt

define :docker_ecr_login, 
       region: 'us-east-1',
       registry_url: nil do 

  include_recipe 'poise-python::default'

  python_package 'awscli' do
    version node['systems']['awscli']['version']
    action :upgrade
  end

  ruby_block "grab_login_password" do
    block do
      #tricky way to load this Chef::Mixin::ShellOut utilities
      Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)      
      ecr_login_command = 'aws ecr get-login --region ' + params[:region] + '|cut -d " " -f 6'
      ecr_password = shell_out(ecr_login_command)
      Chef::Log.debug("ECR Password: #{ecr_password.stdout}")
      node.set['aws']['ecr_password'] = ecr_password.stdout
    end
    action :create
  end
      
  docker_registry "https://#{params[:registry_url]}" do
    username 'AWS'
    password lazy { node['aws']['ecr_password'] }
  end
end

Getting issues with 301 response:

       ================================================================================
       Error executing action pull on resource 'docker_image[123456789.dkr.ecr.eu-west-1.amazonaws.com/imgname]'
       ================================================================================

       Excon::Error::MovedPermanently
       ------------------------------
       Expected([200, 201, 202, 203, 204, 304]) <=> Actual(301 Moved Permanently)

Did anyone see this problem and know the workaround?

Can anyone let me know where to place this is my cookbook?

Can anyone help how to use this recipe ?

As nobody as helped out here before now, I'll describe how to use this.

This gist is a chef definition. You create a file 'docker_ecr_login.rb' inside a 'definitions' folder of your cookbook. This makes the login action accessible as a resource from with your recipe. To be clear, DON'T put the code above in your recipe - it won't work.

The definition is compiled at converge time, but the login is lazily evaluated as the login response from ECR is not known at deploy time - the command has to run first. Anyway that's not really important, to use this in a cookbook, define the resource as follows:

docker_ecr_login 'world_server' do
  registry_url   "#{ node['docker_registry']['serveraddress'] }"
end

You can optionally specify region to override the default region, which is us-east-1.

Nice, thanks

I notice that the code installs the AWS CLI, but it does not configure it with any IAM auth credentials before calling the ecr get-login command; I wonder how that works, anyone know? :\

I guess it's more of an AWS question than a Chef question, but it is still holding me up.

Edit: Well, I answered my own question: Using AWS IAM roles and instance profiles; the AWS CLI will automatically assume the role assigned to the EC2 instance it is being executed on.