GetAuthorizationToken - Amazon Elastic Container Registry

GetAuthorizationToken

Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.

The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The AWS CLI offers an get-login-password command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide.

Request Syntax

{ "registryIds": [ "string" ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

registryIds

This parameter has been deprecated.

A list of AWS account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 10 items.

Pattern: [0-9]{12}

Required: No

Response Syntax

{ "authorizationData": [ { "authorizationToken": "string", "expiresAt": number, "proxyEndpoint": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

authorizationData

A list of authorization token data objects that correspond to the registryIds values in the request.

Type: Array of AuthorizationData objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterException

The specified parameter is invalid. Review the available parameters for the API request.

HTTP Status Code: 400

ServerException

These errors are usually caused by a server-side issue.

HTTP Status Code: 500

Examples

In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the AWS General Reference.

You only need to learn how to sign HTTP requests if you intend to manually create them. When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

Example

This example gets an authorization token for your default registry.

Sample Request

POST / HTTP/1.1 Host: ecr.us-east-1.amazonaws.com Accept-Encoding: identity Content-Length: 2 X-Amz-Target: AmazonEC2ContainerRegistry_V20150921.GetAuthorizationToken X-Amz-Date: 20220516T185613Z User-Agent: aws-cli/1.9.9 Python/2.7.10 Darwin/14.5.0 botocore/1.3.9 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS {}

Sample Response

HTTP/1.1 200 OK Server: Server Date: Sun, 17 May 2022 06:56:13 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 1590 Connection: keep-alive x-amzn-RequestId: 123a4b56-7c89-01d2-3ef4-example5678f { "authorizationData": [ { "authorizationToken": "QVdTOkNpQzErSHF1ZXZPcUR...", "expiresAt": "2022-05-17T06:56:13.652000+00:00", "proxyEndpoint": "https://012345678910.dkr.ecr.us-east-1.amazonaws.com" } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: