aws-cdk-lib.pipelines.DockerCredential

class DockerCredential

LanguageType name
.NETAmazon.CDK.Pipelines.DockerCredential
Gogithub.com/aws/aws-cdk-go/awscdk/v2/pipelines#DockerCredential
Javasoftware.amazon.awscdk.pipelines.DockerCredential
Pythonaws_cdk.pipelines.DockerCredential
TypeScript (source)aws-cdk-lib » pipelines » DockerCredential

Represents credentials used to access a Docker registry.

Example

const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...');
const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'CRSecret', 'arn:aws:...');
const repo1 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1');
const repo2 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2');

const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {
  dockerCredentials: [
    pipelines.DockerCredential.dockerHub(dockerHubSecret),
    pipelines.DockerCredential.customRegistry('dockerregistry.example.com', customRegSecret),
    pipelines.DockerCredential.ecr([repo1, repo2]),
  ],
  synth: new pipelines.ShellStep('Synth', {
    input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', {
      connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });',
    }),
    commands: ['npm ci','npm run build','npx cdk synth'],
  }),
});

Initializer

new DockerCredential(usages?: DockerCredentialUsage[])

Parameters

  • usages DockerCredentialUsage[]

Properties

NameTypeDescription
usages?DockerCredentialUsage[]

usages?

Type: DockerCredentialUsage[] (optional)

Methods

NameDescription
grantRead(grantee, usage)Grant read-only access to the registry credentials.
static customRegistry(registryDomain, secret, opts?)Creates a DockerCredential for a registry, based on its domain name (e.g., 'www.example.com').
static dockerHub(secret, opts?)Creates a DockerCredential for DockerHub.
static ecr(repositories, opts?)Creates a DockerCredential for one or more ECR repositories.

grantRead(grantee, usage)

public grantRead(grantee: IGrantable, usage: DockerCredentialUsage): void

Parameters

  • grantee IGrantable
  • usage DockerCredentialUsage

Grant read-only access to the registry credentials.

This grants read access to any secrets, and pull access to any repositories.


static customRegistry(registryDomain, secret, opts?)

public static customRegistry(registryDomain: string, secret: ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential

Parameters

  • registryDomain string
  • secret ISecret
  • opts ExternalDockerCredentialOptions

Returns

  • DockerCredential

Creates a DockerCredential for a registry, based on its domain name (e.g., 'www.example.com').


static dockerHub(secret, opts?)

public static dockerHub(secret: ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential

Parameters

  • secret ISecret
  • opts ExternalDockerCredentialOptions

Returns

  • DockerCredential

Creates a DockerCredential for DockerHub.

Convenience method for customRegistry('https://index.docker.io/v1/', opts).


static ecr(repositories, opts?)

public static ecr(repositories: IRepository[], opts?: EcrDockerCredentialOptions): DockerCredential

Parameters

  • repositories IRepository[]
  • opts EcrDockerCredentialOptions

Returns

  • DockerCredential

Creates a DockerCredential for one or more ECR repositories.

NOTE - All ECR repositories in the same account and region share a domain name (e.g., 0123456789012.dkr.ecr.eu-west-1.amazonaws.com), and can only have one associated set of credentials (and DockerCredential). Attempting to associate one set of credentials with one ECR repo and another with another ECR repo in the same account and region will result in failures when using these credentials in the pipeline.