AWS ECR Secretless Access

AWS Elastic Container Registry (ECR) supports secretless authentication using OIDC tokens and IAM roles.

Overview

ECR integrates with AWS IAM to enable push and pull operations using temporary credentials from OIDC tokens. This provides:

  • No Access Keys: OIDC tokens replace AWS access keys
  • Automatic Authentication: Seamless access from GitHub Actions and GitLab CI
  • Repository Policies: Fine-grained access controls
  • Cross-Account Access: Assume roles for multi-account setups

Key Capabilities

  • OIDC-based authentication via IAM roles
  • ECR authentication token generation
  • Repository and image-level permissions
  • Private and public registry support
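OIDC-based authentication via IAM roles depends on the role's trust policy restricting which workload identities may assume it. The following is an added example, not part of this project's documentation or code, that audits a trust policy for missing or overly broad `sub`/`aud` conditions. It assumes the GitHub Actions issuer host and IAM's `<issuer>:sub` / `<issuer>:aud` condition keys; the account ID, repository names and the wildcard heuristic are constructed for illustration.

```python
import json

ISS = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_trust_policy(policy):
    """Return findings for OIDC-federated statements in an IAM role trust policy."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        feds = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        issuers = [f.split("oidc-provider/", 1)[1].lower() for f in feds if "oidc-provider/" in f]
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not issuers or "sts:assumerolewithwebidentity" not in actions:
            continue
        conds = {}  # flattened to {lower-cased key: (operator, [values])}
        for op, pairs in stmt.get("Condition", {}).items():
            for key, val in pairs.items():
                conds[key.lower()] = (op.lower(), _as_list(val))
        for issuer in issuers:
            if f"{issuer}:aud" not in conds:
                findings.append(f"statement {n}: no {issuer}:aud condition")
            op, subs = conds.get(f"{issuer}:sub", ("", []))
            if not subs:
                findings.append(f"statement {n}: no {issuer}:sub condition")
            for sub in subs:
                # Heuristic (assumption): text before the first wildcard should pin
                # "<type>:<org>/<repo>:", i.e. contain two colons.
                prefix = sub.split("*", 1)[0].split("?", 1)[0]
                if "like" in op and prefix != sub and prefix.count(":") < 2:
                    findings.append(f"statement {n}: sub '{sub}' is not pinned to one repository")
    return findings

def _policy(condition):
    # Constructed sample; the account ID and repository names are placeholders.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISS}"},
        "Condition": condition}]}

AUD = {f"{ISS}:aud": "sts.amazonaws.com"}
NO_SUB = _policy({"StringEquals": AUD})
ORG_WIDE = _policy({"StringEquals": AUD, "StringLike": {f"{ISS}:sub": "repo:example-org/*"}})
PINNED = _policy({"StringEquals": {**AUD, f"{ISS}:sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, pol in [("NO_SUB", NO_SUB), ("ORG_WIDE", ORG_WIDE), ("PINNED", PINNED)]:
        print(name, json.dumps(audit_trust_policy(pol)))
```

A trust policy exported with `aws iam get-role` can be passed to `audit_trust_policy` after loading its `AssumeRolePolicyDocument` as a dictionary.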

Contributing

This page is a placeholder. We need your help to create comprehensive documentation!

What we need:

  • Complete setup guide for ECR OIDC authentication
  • Docker login configuration with OIDC
  • CI/CD integration examples (GitHub Actions, GitLab CI)
  • IAM role and policy configuration
  • Cross-account registry access
  • Troubleshooting authentication issues
  • Integration guides (e.g., github-actions-to-ecr)

How to contribute:

Resources