Push docker image from Amazon Elastic Container Registry (ECR)

[scarytom]

I'm having an issue deploying docker containers to CF from Amazon Elastic Container Registry (ECR).

The way that ECR authentication works, if you want a username/password you need to do a separate aws cli call using your access_key / secret to get a short-lived username/password (see AWS Docs).

Now I could do this in a task, but there is no way that I know of to pass that password into the docker_password param of the following cf-resource put. I'm beginning to think that it isn't possible to push from ECR to CF using the cf-resource, hence I'm raising this issue.

I think, ideally, the cf-resource would be enhanced to offer specific support for ECR as a source, taking AWS key/secret as params, but I accept that this is a bit of work and perhaps not strictly a concern of this resource.

Failing that, I would be able to work around the issue if it were possible to specify a docker_password_file param, pointing to a file containing the password that I have populated in an earlier task.

[scarytom]

For reference, the https://github.com/concourse/docker-image-resource takes aws_access_key_id/aws_secret_access_key params and can push/pull from ECR

[scarytom]

Looking at the instructions for deploying to CF from Google Container Registry (GCR) https://docs.cloudfoundry.org/devguide/deploy-apps/push-docker.html I think the same issue applies.