I tried to push the Docker container. But it gave me a "no basic auth credentials" error. Even I used aws ecr get-login-password and entered my credentials with docker configure and managed to create repository from terminal in AWS, pushing did not work. Does anybody know why I cannot push to AWS?
I used docker push <my-account-id>.dkr.ecr.us-east-1.amazonaws.com/<awsrepo-details>:latest to push the image
Thank in advance.
it is authentication, first retrieve an authentication token and authenticate your Docker client to your registry:
aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin {account_id}.dkr.ecr.ap-south-1.amazonaws.com
after you build and tag, push depending on your tag:
docker push ${account_id}.dkr.ecr.ap-south-1.amazonaws.com/${repo_name}:latest
Related
when I try to push a docker image to aws ecr it fails giving the following
sudo docker push xxxxxxx.dkr.ecr.us-east-2.amazonaws.com/my-app:1.0
7d9a9c94af8d: Preparing
f77d412f54b5: Preparing
629960860aca: Preparing
f019278bad8b: Preparing
8ca4f4055a70: Preparing
3e207b409db3: Waiting
no basic auth credentials
although logging in is done successfully
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin xxxx.dkr.ecr.us-east-2.amazonaws.com
Login Succeeded
And the /home/[my user]/.docker/config.json file has the following data
{
"auths": {
"xxxx.dkr.ecr.us-east-2.amazonaws.com": {
"auth": "QVsVkhaRT...."
}
}
}
I am using aws cli version 2.3.5
aws --version
aws-cli/2.3.5 Python/3.8.8 Linux/5.8.0-63-generic exe/x86_64.ubuntu.20 prompt/off
I am using docker version 20.10.10
docker --version
Docker version 20.10.10, build b485636
How can I solve this problem?
You're running sudo docker push.
This means that the credentials in your account won't be used. Instead, Docker is trying to use (nonexistent) credentials in the root user account.
Changing your command to docker push should suffice.
I have created one ECR repository as public. Now, from my on-premises docker server, I build the image and I wanted to push the image in AWS ECR as public image. AWS has given option view push option but It did not work, getting below error while running the below command.
**docker login -u AWS -p $(aws ecr get-login-password --region ap-northeast-2)
public.ecr.aws/m8r0s3o9**
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to https://public.ecr.aws/v2/ failed with status: 400 Bad Request
For private repository it works fine for me.
Any suggestion would be highly appreciable, do i need to add any role/policy to my aws user?
Thanks for your feedback guidance.
I found the issue, I was referring "view push command instructions" where respective region show in the command.
But for public repository need to run below command always.
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/<your repo name>
so in short, When authenticating to a public registry, always authenticate to the us-east-1 Region when using the AWS CLI.
It resolved my issue and i was able to push the docker images in ECR. Rest command are same.
I'm trying to login to ECR using Jenkins pipeline using the command shown in AWS
aws ecr get-login-password --region <region-id> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region-id>.amazonaws.com
When I use it inside the bash container it works "Login Succeeded", Instead using it within the pipeline
sh "command"
Unfortunately, it returns
PS: I do have the last version of AWSCLI installed, Please can someone help
Option 1:
You can do use docker.withRegistry in your Jenkinsfile to login into ECR.
Save aws credential as username password in Jenkins with some ID lets say "aws_credential" and use below in your pipeline
docker.withRegistry('https://$<account-id>.dkr.ecr.<region-id>.amazonaws.com', 'ecr:<region-id>:aws_credential') {
// do something after login
} // withRegistry
Option 2: Instead of login using Jenkins pipeline you can use cron to login daily or after reboot using below
#reboot aws ecr get-login-password --region <region-id> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region-id>.amazonaws.com
01 01 * * * aws ecr get-login-password --region <region-id> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region-id>.amazonaws.com
I personally opt for Option 2
I am getting this error when I try to push a docker container
denied: Your Authorization Token has expired.
I had aws ecr get-login --no-include-email --region us-east-1, I tried the hack someone posted here where you take out the https none have worked.
When I run aws ecr get-login ... I get the code I copy and paste it and get a successful message but when I try to push my docker container I get the denied: Your Authorization Token has expired. I am using docker version Docker version 17.03.1-ce. Any Ideas what I can do?
Thanks!
Please use following command combination:
aws ecr get-login-password --region <REGION> | docker login --username AWS --password-stdin <AWS_ACCOUNT_NO>.dkr.ecr.<AWS_REGION_NAME>.amazonaws.com
Quoting from the documentation:
"This command retrieves and displays an authentication token using the GetAuthorizationToken API that you can use to authenticate to an Amazon ECR registry. You can pass the authorization token to the login command of the container client of your preference, such as the Docker CLI. "
Reference: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login-password.html
One reason can be the aws-cli version. The version of this CLI tool which seems to be a Python package can be seen in aws --version. I encountered this error for the version aws-cli/2.1.29, but not in the older version aws-cli/1.18.40.
The "aws ecr get-login" command is deprecated, Amazon recommends to use "aws ecr get-login-password" instead.
I've followed the instructions on the Amazon ECR Plugin (https://wiki.jenkins-ci.org/display/JENKINS/Amazon+ECR, which simply instructs a user to install the Amazon ECR configure the Docker Build & Deploy plugin), but Jenkins is unable to authenticate with ECR.
The error message produced is:
denied: Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one.
Any advice anyone can provide is greatly appreciated.
I always use this command as the first step in my Jenkins jobs for login to ECR:
aws ecr get-login --no-include-email --profile ecr | bash
where "--profile ecr" is predefined profile in Jenkins (.asw/config, .aws/credentials)
If you set the variable env.AWS_ECR_LOGIN=true in your pipeline, the issue is resolved. It is something on the docker.withregistry step:
https://issues.jenkins-ci.org/browse/JENKINS-44143