From 170c195ff273fd367cf7ff461cf5d9d66f85707f Mon Sep 17 00:00:00 2001 From: Brian Rinaldi Date: Fri, 30 Jan 2026 14:28:41 -0500 Subject: [PATCH] Update docs for new repository credentials As of LocalStack 4.13, ECS supports the repositoryCredentials parameter, making the workaround listed in this page no longer necessary. Fixes [DOC-25](https://linear.app/localstack/issue/DOC-25/update-docs-ecs-repository-credentials) --- src/content/docs/aws/services/ecs.mdx | 53 +++++++++++---------------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/src/content/docs/aws/services/ecs.mdx b/src/content/docs/aws/services/ecs.mdx index 337d74ed..2ebb1519 100644 --- a/src/content/docs/aws/services/ecs.mdx +++ b/src/content/docs/aws/services/ecs.mdx @@ -1,12 +1,12 @@ --- -title: "Elastic Container Service (ECS)" -tags: ["Base"] +title: 'Elastic Container Service (ECS)' +tags: ['Base'] description: Get started with Elastic Container Service (ECS) on LocalStack persistence: supported --- import { Badge } from '@astrojs/starlight/components'; -import FeatureCoverage from "../../../../components/feature-coverage/FeatureCoverage"; +import FeatureCoverage from '../../../../components/feature-coverage/FeatureCoverage'; ## Introduction @@ -70,11 +70,7 @@ To create a task definition that runs an `ubuntu` container forever (by running "image": "ubuntu", "cpu": 10, "memory": 10, - "command": [ - "sh", - "-c", - "while true; do echo running; sleep 1; done" - ], + "command": ["sh", "-c", "while true; do echo running; sleep 1; done"], "essential": true, "logConfiguration": { "logDriver": "awslogs", @@ -317,31 +313,26 @@ container.add_mount_points( ## Private registry authentication -To download images from a private registry using LocalStack, you must provide your credentials. -You can pass your Docker credentials to the container by setting the `DOCKER_CONFIG` environment variable and mounting the `~/.docker/config.json` file as a volume at `/config.json`. -Your file paths might differ, so check Docker's documentation on [Environment Variables](https://docs.docker.com/engine/reference/commandline/cli/#environment-variables) and [Configuration Files](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files) for details. - -Here is a Docker Compose example: - -```yaml showshowLineNumbers -services: - localstack: - container_name: "${LOCALSTACK_DOCKER_NAME:-localstack-main}" - image: localstack/localstack-pro - ports: - - "127.0.0.1:4566:4566" - - "127.0.0.1:4510-4559:4510-4559" - - "127.0.0.1:443:443" - environment: - - LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN:?} - - DOCKER_CONFIG=/config.json - volumes: - - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack" - - "/var/run/docker.sock:/var/run/docker.sock" - - ~/.docker/config.json:/config.json:ro +To download images from a private registry using LocalStack, you must provide your credentials. LocalStack (as of 4.13.0) supports the `repositoryCredentials` parameter in an ECS task definition allowing ECS to pull images from registries that require authentication. This is currently only implemented for Docker executor, with support for the Kubernetes executor forthcoming. + +Below is a minimal example demonstrating the use of `repositoryCredentials` in an ECS task definition: + +```json showshowLineNumbers +{ + "family": "...", + "containerDefinitions": [ + { + "name": "...", + "image": "private-registry.example.com/my-image:latest", + "repositoryCredentials": { + "credentialsParameter": "arn:aws:secretsmanager:us-east-1:000000000000:secret:my-registry-credentials" + } + } + ] +} ``` -Alternatively, you can download the image from the private registry before using it or employ an [Initialization Hook](/aws/capabilities/config/initialization-hooks) to install the Docker client and use these credentials to download the image. +The `credentialsParameter` value is the ARN of a Secrets Manager secret containing the registry credentials. ## Firelens for ECS Tasks