This repository contains a collection of minimalist PowerShell scripts designed to streamline authentication for AWS CodeArtifact (NuGet) and Amazon ECR (Docker).
These utilities were originally developed as personal presets to eliminate the friction of manually executing repetitive AWS CLI commands. While the logic is straightforward, these scripts provide a reliable, cross-platform way to manage local NuGet authentication for private .NET registries and Docker registry access for container workflows.
The scripts function as transparent wrappers for the official AWS CLI v2. By utilizing PowerShell Core (pwsh), they maintain consistent behavior across Windows, macOS, and Linux.
- Automated Token Management: Simplifies the process of refreshing NuGet and Docker credentials.
- Cross-Platform: Built with
pwshto ensure compatibility across all major operating systems. - Minimalist Design: The code is concise and transparent, making it easy to audit or integrate into automated pipelines.
- SSO Ready: Native support for AWS Single Sign-On (SSO) workflows.
To use these scripts, you must have the official AWS CLI v2 installed and configured on your system.
How to use it.
For local development using AWS SSO, include the -SSO flag to trigger the browser-based login. If you use static IAM credentials (Access Key and Secret Key) already configured in your AWS profile, you may omit this flag.
git clone https://github.com/karimz1/aws-auth-pwsh.git
pwsh ./aws-auth-pwsh/refreshNugetToken.ps1 -SSO # auth nuget using code artifact
pwsh ./aws-auth-pwsh/refreshEcrDockerToken.ps1 -SSO # auth docker using ecrThese scripts are highly effective in CI/CD environments. Below is an example of how they can be used within a GitHub Action to authenticate a private repository.
jobs:
build:
runs-on: ubuntu-latest
defaults:
run:
shell: pwsh
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::MyAwsAccount:role/Github_Actions_Workflow_Role
aws-region: us-east-1
- name: Refresh NuGet tokens from CodeArtifact
run: |
git clone https://github.com/karimz1/aws-auth-pwsh.git
./aws-auth-pwsh/refreshNugetToken.ps1I regularly update the scripts if something breaks, so you can just git clone the repo. The script filenames will never change for consistency. I use these scripts in my personal projects as well, so this repo is the single source of truth.
The refreshNugetToken.ps1 script authenticates your local environment to interact with private NuGet registries hosted on AWS.
- Standard:
./refreshNugetToken.ps1 - With SSO Login:
./refreshNugetToken.ps1 -SSO - Debug Mode:
./refreshNugetToken.ps1 -DEBUG $true
The refreshEcrDockerToken.ps1 script automates the docker login process for your Amazon ECR repositories.
- Standard:
./refreshEcrDockerToken.ps1 - With SSO Login:
./refreshEcrDockerToken.ps1 -SSO
For local development, I recommend utilizing the -SSO flag. Authenticating via SSO is a security best practice, as it avoids the use of long-term, hard-coded credentials on your local machine.
This project is released under the MIT License.