Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.
The authorizationToken
returned is a base64 encoded string that can be decoded and used in a docker login
command to authenticate to a registry. The CLI offers an get-login-password
command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
get-authorization-token
[--registry-ids <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--registry-ids
(list)
A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.
(string)
Syntax:
"string" "string" ...
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
See ‘aws help’ for descriptions of global parameters.
Note
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
To get an authorization token for your default registry
The following get-authorization-token
example command gets an authorization token for your default registry.
aws ecr get-authorization-token
Output:
{
"authorizationData": [
{
"authorizationToken": "QVdTOkN...",
"expiresAt": 1448875853.241,
"proxyEndpoint": "https://123456789012.dkr.ecr.us-west-2.amazonaws.com"
}
]
}
authorizationData -> (list)
A list of authorization token data objects that correspond to the
registryIds
values in the request.(structure)
An object representing authorization data for an Amazon ECR registry.
authorizationToken -> (string)
A base64-encoded string that contains authorization data for the specified Amazon ECR registry. When the string is decoded, it is presented in the format
user:password
for private registry authentication usingdocker login
.expiresAt -> (timestamp)
The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.
proxyEndpoint -> (string)
The registry URL to use for this authorization token in a
docker login
command. The Amazon ECR registry URL format ishttps://aws_account_id.dkr.ecr.region.amazonaws.com
. For example,https://012345678910.dkr.ecr.us-east-1.amazonaws.com
..