Docker compose up [ecs context] with private repo

Question

Trying to upload compose.yml to aws with docker-compose [ecs context]; Have my private repositories in https://hub.docker.com/.

Created ecs context, started to use it (docker context use)
Executed docker login -> login succeeded
Executed docker compose up

It fails and returns the error

ServerService TaskFailedToStart: CannotPullContainerError: inspect image has been retried 1 time(s): failed to resolve ref "docker.io/myrepo/server:latest": pull access denied, the repository does not exist or may require authorization: server message: insufficient_scope: authorization...'

How should I get access to this 'docker ecs compose' tool? Is it related somehow to aws credentials?

score 2 · Answer 1 · answered Feb 01 '21 at 07:43

You want to use the x-aws-pull_credentials key, which points to a secretsmanager ARN, as described here: https://docs.docker.com/cloud/ecs-integration/#private-docker-images

Create a secret using docker secret:

echo '{"username":"joe","password":"hunter2"}' | docker secret create myToken -
arn:aws:secretsmanager:eu-west-3:12345:secret:myToken

In your compose file:

services:
  worker:
    image: mycompany/privateimage
    x-aws-pull_credentials: "arn:aws:secretsmanager:eu-west-3:12345:secret:myToken"

Docker compose up [ecs context] with private repo

1 Answers1

Linked