0
votes

The authentication below can be implemented using certificates (client and server) for any human user using a docker client that talks to the docker daemon:


But a Jenkins pipeline also runs docker commands to talk to the docker daemon.

How do I authenticate a Jenkins pipeline to run specific docker commands, where this pipeline is launched as a Jenkins slave container in AWS EC2 on every new commit in Git? Does the ECS cluster approach to launching the pipeline task help with authentication?

1
Do you want to pull the image from Docker Hub or AWS ECR? - Adiii
@Adiii Yes... we also push images... we cannot anticipate the commands that a pipeline may run in the future... we cannot restrict any developer to running specific commands unless you provide authentication. - overexchange
Amazon ECR requires that users have allow permissions to the ecr:GetAuthorizationToken API through an IAM policy before they can authenticate to a registry and push or pull any images from any Amazon ECR repository. Amazon ECR provides several managed IAM policies to control user access at varying levels; for more information - Adiii

1 Answer

1
votes

You can run docker login from your Jenkins script and store the secrets in the Jenkins config. You could also pre-install credentials on the machine as part of your build process. If you are talking about permissions to talk to the daemon, you have to give the jenkins user the appropriate permissions (usually add it to the docker group).
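
The `docker login` approach from the answer above, sketched as a declarative Jenkinsfile. This is an added example, not part of the original answer; it assumes the Credentials Binding plugin, and the credential ID `registry-ci-push`, the registry host and the image name are hypothetical placeholders.

```groovy
// Added example: hypothetical Jenkinsfile. The credential ID, registry host and
// image name are placeholders; the secret itself lives in the Jenkins credential store.
pipeline {
    agent any
    environment {
        REGISTRY = 'registry.example.com'           // placeholder registry host
        IMAGE    = 'registry.example.com/team/app'  // placeholder repository
    }
    stages {
        stage('Build and push') {
            steps {
                // Bind the stored username/password to environment variables for this
                // block only; Jenkins masks the bound values in the console log.
                withCredentials([usernamePassword(
                        credentialsId: 'registry-ci-push',
                        usernameVariable: 'REG_USER',
                        passwordVariable: 'REG_PASS')]) {
                    // Single quotes: the shell expands the variables, so Groovy never
                    // interpolates the secret into the command string.
                    sh '''
                        set -eu
                        # Per-build client config, so the login token is not left
                        # in the agent user's ~/.docker/config.json
                        export DOCKER_CONFIG="$WORKSPACE/.docker-ci"
                        mkdir -p "$DOCKER_CONFIG"
                        # Password on stdin keeps it out of the process list
                        printf '%s' "$REG_PASS" | docker login "$REGISTRY" \
                            --username "$REG_USER" --password-stdin
                        docker build -t "$IMAGE:$BUILD_NUMBER" .
                        docker push "$IMAGE:$BUILD_NUMBER"
                    '''
                }
            }
        }
    }
    post {
        always {
            // Drop the session and the per-build config even when the build fails
            sh '''
                export DOCKER_CONFIG="$WORKSPACE/.docker-ci"
                docker logout "$REGISTRY" || true
                rm -rf "$DOCKER_CONFIG"
            '''
        }
    }
}
```

This authenticates the pipeline to the registry only. Access to the daemon itself is still governed by the agent user's permissions on the Docker socket, and membership in the docker group is effectively root on that host.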