diff --git a/examples/jamstack/ecr_image.cue b/examples/jamstack/ecr_image.cue
index 01ce4cba..4cc58f7a 100644
--- a/examples/jamstack/ecr_image.cue
+++ b/examples/jamstack/ecr_image.cue
@@ -17,12 +17,9 @@ import (
 	awsConfig:       aws.#Config
 	buildArgs: [string]: string
 
-	pushTarget: "\(repository):\(tag)"
-
 	// Use these credentials to push
 	ecrCreds: ecr.#Credentials & {
 		config: awsConfig
-		target: pushTarget
 	}
 
 	ref: {
@@ -37,9 +34,16 @@ import (
 				}
 				buildArg: buildArgs
 			},
+			// Login to Registry
+			op.#DockerLogin & {
+				target:   repository
+				username: ecrCreds.username
+				secret:   ecrCreds.secret
+			},
 			// Push the image to the registry
 			op.#PushContainer & {
-				ref: pushTarget
+				ref:  "\(repository):\(tag)"
+				auth: ecrCreds.auth
 			},
 			op.#Export & {
 				source: "/dagger/image_ref"
diff --git a/stdlib/aws/ecr/ecr.cue b/stdlib/aws/ecr/ecr.cue
index 75b0c050..75b7de36 100644
--- a/stdlib/aws/ecr/ecr.cue
+++ b/stdlib/aws/ecr/ecr.cue
@@ -7,30 +7,21 @@ import (
 
 // Credentials retriever for ECR
 #Credentials: {
-
 	// AWS Config
 	config: aws.#Config
 
-	// Target is the ECR image
-	target: string
-
 	out: dagger.#Secret
 
 	// ECR credentials
-	credentials: dagger.#RegistryCredentials & {
-		username: "AWS"
-		secret:   out
-	}
+	username: "AWS"
+	secret:   out
 
 	aws.#Script & {
+		always:   true
 		"config": config
 		export:   "/out"
 		code: """
 			aws ecr get-login-password > /out
 			"""
 	}
-
-	// Authentication for ECR Registries
-	auth: dagger.#RegistryAuth
-	auth: "\(target)": credentials
 }