Description
Overview
The amazon-ecr-credential-helper does not recognize the ECR Public dual-stack endpoint, "ecr-public.aws.com", as a valid ECR endpoint. This prevents its use for authentication.
Problem Details
Currently, the ECR Public endpoint is hardcoded to public.ecr.aws in ecr-login/api/client.go. Because of this, the ExtractRegistry function in ecr-login/api/client.go fails to validate dual-stack endpoints like ecr-public.aws.com.
ecrPublicName = "public.ecr.aws"
As a result, when ecr-public.aws.com is passed, the credential retrieval process fails, and the following error is logged:
time="2025-09-24T13:46:46+09:00" level=error msg="Error parsing the serverURL" error="docker-credential-ecr-login can only be used with Amazon Elastic Container Registry." serverURL=ecr-public.aws.com
Steps to Reproduce
Configure amazon-ecr-credential-helper.
Attempt to access an ECR Public repository using the following command:
docker pull ecr-public.aws.com/docker/library/node:24.8.0-trixie-slim
Check the log file at $HOME/.ecr/log/ecr-login.log and observe the error message mentioned above.
Proposed Solution
I suggest modifying the ExtractRegistry function in ecr-login/api/client.go to recognize ecr-public.aws.com as a valid ECR Public endpoint.
ECR Credential Helper version
0.10.1
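An added example, not code from amazon-ecr-credential-helper and not its ExtractRegistry function: one way a hostname check could accept both ECR Public names from this issue while still matching exactly, so that credentials are never returned for a lookalike host. The helper name isECRPublicHost, the HTTPS-only rule and the sample inputs are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Hostnames accepted as ECR Public. "public.ecr.aws" is the value hardcoded
// today; "ecr-public.aws.com" is the dual-stack endpoint from this issue.
var ecrPublicHosts = map[string]bool{
	"public.ecr.aws":     true,
	"ecr-public.aws.com": true,
}

// isECRPublicHost (hypothetical helper) reports whether serverURL names an
// ECR Public endpoint. It compares the parsed hostname exactly, so a name
// that merely contains or ends with an allowed value is never matched.
func isECRPublicHost(serverURL string) bool {
	// Docker may pass a bare host or host/path; give url.Parse a scheme.
	if !strings.Contains(serverURL, "://") {
		serverURL = "https://" + serverURL
	}
	u, err := url.Parse(serverURL)
	// Assumption of this example: require HTTPS and reject userinfo, which
	// would otherwise let "allowed-name@other-host" look legitimate.
	if err != nil || u.Scheme != "https" || u.User != nil {
		return false
	}
	// Hostname() drops any port; also normalise case and a trailing dot.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	return ecrPublicHosts[host]
}

func main() {
	// Constructed sample inputs.
	samples := []string{
		"ecr-public.aws.com",
		"public.ecr.aws",
		"ecr-public.aws.com/docker/library/node",
		"ecr-public.aws.com.example.test",
		"https://ecr-public.aws.com@example.test",
	}
	for _, s := range samples {
		fmt.Printf("%-42s %v\n", s, isECRPublicHost(s))
	}
}
```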