I have two AWS accounts, A and B. EC2 instances on account B regularly pull images from ECR on account A. There is a CI on account B that does aws ecr login and docker login to ECR (account A), and this is working well.

But in order to optimize cost, the EC2 instances are shut down at night and rebooted in the morning. When they are rebooted, the Docker service pulls the images again (I don't know why) and brings all previously running containers back up. But the pull fails because of expired or lost credentials, and the containers don't start.

I'm looking for a way to avoid doing an aws ecr login at each EC2 reboot.

I'm reading docs that explain how to set up IAM roles and trusted entities across AWS accounts, but I'm not sure what I have to do.

0 Answers