When using the AWS CLI command of aws ecr get-login-password --region us-east-1
I get a reasonably sized token to use with my Docker commands. Using the API however generates a much larger token that is invalid and causes a 400 error when attempting to have Docker login.
var ecrClient = new AmazonECRClient(awsAccessKeyId, awsSecretAccessKey, RegionEndpoint.USEast1);
var tokenResponse = await ecrClient.GetAuthorizationTokenAsync(new GetAuthorizationTokenRequest());
var token = tokenResponse.AuthorizationData.Single().AuthorizationToken;
the awsAccessKeyId
and awsSecretAccessKey
are both identical from the API usage to the CLI usage (when doing aws configure
and setting them there). Documentation for the API is a bit sparse, what am I missing (or misunderstanding)?
Turns out that the response from the API is Base64Encoded (it does actually say that in the docs, I just assumed that the token from the CLI was also encoded and that I didn't need to decode it, just pass it along as given).
Decoding it via:
var tokenData = Convert.FromBase64String(tokenResponse.AuthorizationData.Single().AuthorizationToken);
var tokenContent = Encoding.UTF8.GetString(tokenData);
Returns a string in the format of Foo:bar
where bar
is the token that matches the return from the CLI. So splitting it on the colon then provides you the same information you would via the CLI.