How do I add AWS ECR as a registry?

[j0urneyk]

Hello,

First of all, thank you for creating such an excellent open‑source project.

I’m trying to add AWS ECR under the Registry menu, but I’m not sure what to put in the Password field.

Typically, AWS ECR authentication is done like this:

$ aws ecr get-login-password --region {region} | docker login --username AWS --password-stdin {aws-account-id}.dkr.ecr.{region}.amazonaws.com

However, the password returned by aws ecr get-login-password expires after a certain period.

In other words, it’s inconvenient to have to update the configured registry’s password every time the existing one expires.

Is there a way to avoid this and configure a non‑expiring or automatically refreshed authentication for AWS ECR?

Thank you for your help!

[jakub-msqt]

I'd like to use ECR registry as well and I'm dealing with the same problem.
Interestingly enough, the placeholder Registry URL is using ECR so I'd hope there's a way.

@Siumauricio or anyone has an idea how to make this work?

[j0urneyk]

Since the maintainer doesn't seem to be interested in this issue, I'm sharing a hacky workaround I used a few months ago.

In short, I mounted AWS credentials and the amazon-ecr-credential-helper package into the Dokploy container.

1. Basic Setup

I ran Dokploy on an Ubuntu base, so I installed the following packages:

$ apt update -y
$ apt upgrade -y
$ apt install sudo vim curl wget net-tools -y

2. Configuration $HOME/.docker/config.json

The amazon-ecr-credential-helper will not work correctly if you don't modify .docker/config.json as follows:

$ mkdir $HOME/.docker

$ vim $HOME/.docker/config.json

# Add the following content to the $HOME/.docker/config.json file and save it.
{
    "credsStore": ""
}

$ echo 'export DOCKER_CONFIG="$HOME/.docker"' >> $HOME/.bashrc && source $HOME/.bashrc

3. Configuration AWS credentials and install amazon-ecr-credential-helper

$ mkdir $HOME/.aws

$ vim $HOME/.aws/config

# $HOME/.aws/config
[default]
region={your-region}

$ vim $HOME/.aws/credentials

# $HOME/.aws/credentials
[default]
aws_access_key_id={aws_access_key_id}
aws_secret_access_key={aws_secret_access_key}

$ apt install amazon-ecr-credential-helper -y

4. Mount aws credentials and amazon-ecr-credential-helper to dokploy service create

I modified the Dokploy service creation part of the dokploy install script as follows:

$ docker service create \
        --name dokploy \
        --replicas 1 \
        --network dokploy-network \
        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
        --mount type=bind,source=/etc/dokploy,target=/etc/dokploy \
        --mount type=bind,source=/root/.docker,target=/root/.docker \
        --mount type=bind,source=/root/.aws,target=/root/.aws \
        --mount type=bind,source=/usr/bin/docker-credential-ecr-login,target=/usr/bin/docker-credential-ecr-login \
        --publish published=9999,target=3000,mode=host \
        --update-parallelism 1 \
        --update-order stop-first \
        --constraint 'node.role == manager' \
        -e TRAEFIK_SSL_PORT=443 \
        -e TRAEFIK_PORT=80 \
        -e ADVERTISE_ADDR=$advertise_addr \
        -e RELEASE_TAG=canary \
        dokploy/dokploy:canary

The mounts I added for ECR authentication are as follows:

--mount type=bind,source=/root/.docker,target=/root/.docker \
--mount type=bind,source=/root/.aws,target=/root/.aws \
--mount type=bind,source=/usr/bin/docker-credential-ecr-login,target=/usr/bin/docker-credential-ecr-login \

5. Test ECR Connection

Access the Dokploy UI, navigate to the Registry menu, enter the following Registry information, and test the connection.

• Username
  • AWS
• Password
  • "{your-aws-account-id}.dkr.ecr.{your-region}.amazonaws.com" | docker-credential-ecr-login get | grep -oP '"Secret"\s*:\s*"\K[^"]+'
• Registry URL
  • {your-aws-account-id}.dkr.ecr.{your-region}.amazonaws.com