I just updated my docker version and found out that command
aws ecr get-login
is not working anymore. Got error:
unknown shorthand flag: 'e' in -e`. Seems that docker doesn't support -e flag anymore.
Is there a way to fix this?
Installed versions:
aws-cli/1.11.111 Python/2.7.10 Darwin/16.6.0 botocore/1.5.74
Docker version 17.06.0-ce-rc5, build b7e4173
add this to your call
--no-include-email
here is the new valid syntax :
aws ecr get-login ${normal_params_here} --no-include-email
aws ecr get-login --region us-east-1 --no-include-email # for example
This new option is available in AWS CLI as of version 1.11.91 released on 05/23/2017 ... issue this to upgrade :
pip install --upgrade awscli
see details here
https://github.com/docker/for-mac/issues/1762
https://github.com/aws/aws-cli/issues/1926
to quote :
"You should have received an email notification from Amazon around May 23 2017 about the new --no-include-email flag on aws ecr get-login for compatibility with [Docker] 17.06.0"
For example after I issue following
aws ecr get-login --region us-east-1 --no-include-email
it shows me following output
docker login -u AWS -p foobarZUFtSzg4SDBUa0lDSEpTNUQ5M3pDVDhHNi9jS2s3SExhQWpheEVMWTlmY0pNWlphOEN5M2hJTUFoMDlJczd0anVoRk9CKzE1ODdBdmQ1ZzRNR3pKa1lMZ2NTOGo4Mk1sZGlwdDRjQlJyOERvaDFiaEt6TWRlVHkzalA2Um5RSTBNNW5qRW9WL1ZlaEhxMTV4bjl5aXQrV1NXMnp1NWNwek1JQWVxRjd0YWhZWkxxYmdRVjdldE9LQUY3dW5OWFFSM20vY0x4L1ZKWW9BZzlNM0wrQy8vdENEQXRXMFpvTTNrVXNxTHg4MEFQQXJRV08yZ1BRb0VLcHo1ZE1sc1JLS25hWit2eGVzODdlUFZ3OS9tT29BV0pEUzBSWUx0ellsUUVKNUpadXlkbXlnL2owL2N5VUJaSWNpajJaVExrYTlwRm9STkVhejVZKzhBU3N4S1c4RWNIOThuNi8xcDRDU09lcnlQUjUwYnRGZ1RtWk5LNVRTaW92ZXhNYUs2RFpLTU83MHgvYlpRcXgxYWh5U2FFTXR5RlMxempqVlFva3JVeTYrQVMwL09pQ2NRV1o2S01kMDc5akNDdE5YakFzamNsUTUzZVE4TUFUTWIrYTBBNFlIaDJNcFJ2RjU5dWNHS2tYUkl4WGNVY1Zpc2l4NmJNaEo4dEZsK0hEem5PSXRHRmh3b3lZV093OEw3dFlwbFFTSEFTaVdsemRSVTNvQmREQ2FCZys3R09BUW96SWxsWnV2Yk51cG1qWkFzMWE5MzdMelQ0Y25lemYwbWZUSFBDVVpzYzQ2Wk1jWkl4MjMrU0lpL3g3aFZ1NXJzcklVVFJTd1UwRUpLbFNIUkZKZ0xqZ0R1bnVrSGlrY0pnZEhseDlKRmloWEM3REF6bDByMkc4LzN1SG4xeEFCdWVlN2tUU2dsS0lTcW45ejI3eUlCc3BjOUhxU2JuUzNTOGVJamJvdmdaQWNNL1R2YUVTTEdsM0hrUnlXb04zUVhFM2NWa1poR1ZDZEJCTlRiekkvMUlLVENnNnlKNTVibThMTE0rcEdFQ1h1M1JwWWZUU3VLOVc0NytQVkJUSWtsNnhrd0Jobm9nZ1MwUkYyc2xNb1F6S08zZHhva24zN0dSS1hoOXhSbG85RVlWOHZLRzVzbjdhbnhpby9EL3ZDbHFXWTlLRGVwOGxMK0NhR3lpbDRHZ3JwWmtWampaaExzQ1cyTWk0L3NXUTEyV0ZCR0JnOSIsImRhdGFrZXkiOiJBUUVCQUhod20wWWFJU0plUnRKbTVuMUc2dXFlZWtYdW9YWFBlNVVGY2U5UnE4LzE0d0FBQUg0d2ZBWUpLb1pJaHZjTkFRY0dvRzh3YlFJQkFEQm9CZ2txaGtpRzl3MEJCd0V3SGdZSllJWklBV1VEQkFFdU1CRUVESnpKWXZhbXBFRkFSVUx5bUFJQkVJQTcwZk1ZUlU4bG9RVnRwMWJJUHRoZktTOFMzZVpZNS8rT0orL0RmSjZXNVpiK0p0TURXZmZ5Rm9vc0gzMDFVWS9OQ1lzb2hWM1FER2E3NmZ3PSIsInZlcnNpb24iOiIyIiwidHlwZSI6IkRBVEFfS0VZIiwiZXhwaXJhdGlvbiI6MTU2NDkxNTYyOH0= https://092412696969.dkr.ecr.us-east-1.amazonaws.com
so to complete docker login to aws repository copy N paste above back into same terminal, as per ...
docker login -u AWS -p foobarZUFtSzg4SDBUa0lDSEpTNUQ5M3pDVDhHNi9jS2s3SExhQWpheEVMWTlmY0pNWlphOEN5M2hJTUFoMDlJczd0anVoRk9CKzE1ODdBdmQ1ZzRNR3pKa1lMZ2NTOGo4Mk1sZGlwdDRjQlJyOERvaDFiaEt6TWRlVHkzalA2Um5RSTBNNW5qRW9WL1ZlaEhxMTV4bjl5aXQrV1NXMnp1NWNwek1JQWVxRjd0YWhZWkxxYmdRVjdldE9LQUY3dW5OWFFSM20vY0x4L1ZKWW9BZzlNM0wrQy8vdENEQXRXMFpvTTNrVXNxTHg4MEFQQXJRV08yZ1BRb0VLcHo1ZE1sc1JLS25hWit2eGVzODdlUFZ3OS9tT29BV0pEUzBSWUx0ellsUUVKNUpadXlkbXlnL2owL2N5VUJaSWNpajJaVExrYTlwRm9STkVhejVZKzhBU3N4S1c4RWNIOThuNi8xcDRDU09lcnlQUjUwYnRGZ1RtWk5LNVRTaW92ZXhNYUs2RFpLTU83MHgvYlpRcXgxYWh5U2FFTXR5RlMxempqVlFva3JVeTYrQVMwL09pQ2NRV1o2S01kMDc5akNDdE5YakFzamNsUTUzZVE4TUFUTWIrYTBBNFlIaDJNcFJ2RjU5dWNHS2tYUkl4WGNVY1Zpc2l4NmJNaEo4dEZsK0hEem5PSXRHRmh3b3lZV093OEw3dFlwbFFTSEFTaVdsemRSVTNvQmREQ2FCZys3R09BUW96SWxsWnV2Yk51cG1qWkFzMWE5MzdMelQ0Y25lemYwbWZUSFBDVVpzYzQ2Wk1jWkl4MjMrU0lpL3g3aFZ1NXJzcklVVFJTd1UwRUpLbFNIUkZKZ0xqZ0R1bnVrSGlrY0pnZEhseDlKRmloWEM3REF6bDByMkc4LzN1SG4xeEFCdWVlN2tUU2dsS0lTcW45ejI3eUlCc3BjOUhxU2JuUzNTOGVJamJvdmdaQWNNL1R2YUVTTEdsM0hrUnlXb04zUVhFM2NWa1poR1ZDZEJCTlRiekkvMUlLVENnNnlKNTVibThMTE0rcEdFQ1h1M1JwWWZUU3VLOVc0NytQVkJUSWtsNnhrd0Jobm9nZ1MwUkYyc2xNb1F6S08zZHhva24zN0dSS1hoOXhSbG85RVlWOHZLRzVzbjdhbnhpby9EL3ZDbHFXWTlLRGVwOGxMK0NhR3lpbDRHZ3JwWmtWampaaExzQ1cyTWk0L3NXUTEyV0ZCR0JnOSIsImRhdGFrZXkiOiJBUUVCQUhod20wWWFJU0plUnRKbTVuMUc2dXFlZWtYdW9YWFBlNVVGY2U5UnE4LzE0d0FBQUg0d2ZBWUpLb1pJaHZjTkFRY0dvRzh3YlFJQkFEQm9CZ2txaGtpRzl3MEJCd0V3SGdZSllJWklBV1VEQkFFdU1CRUVESnpKWXZhbXBFRkFSVUx5bUFJQkVJQTcwZk1ZUlU4bG9RVnRwMWJJUHRoZktTOFMzZVpZNS8rT0orL0RmSjZXNVpiK0p0TURXZmZ5Rm9vc0gzMDFVWS9OQ1lzb2hWM1FER2E3NmZ3PSIsInZlcnNpb24iOiIyIiwidHlwZSI6IkRBVEFfS0VZIiwiZXhwaXJhdGlvbiI6MTU2NDkxNTYyOH0= https://092412696969.dkr.ecr.us-east-1.amazonaws.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/pualu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
now you are logged into the aws docker repository
if for some reason you can't upgrade awscli version, you can do a little string manipulation to make it work for you with sed.
for example:
$(aws ecr get-login --region eu-central-1 | sed -e 's/-e none//g')
this will drop the -e flag that is not supported and you should be able to login.
I had the same issue however following Scott Stensland's answer did not solve it.
In case it will happen to someone else, dropping '-e none' from the command solved the issue.
Run login statement.
aws ecr get-login --region us-west-2
Then, remove the flag and value -e none from the resulting statement.
So, what you run would look like...
docker login -u AWS -p <long password hash> https://<image ID>.dkr.ecr.us-west-2.amazonaws.com
If you prefer to avoid refreshing your authentication token manually with aws ecr get-login, you can install the Amazon ECR credential helper instead. The credential helper will take care of retrieving and updating tokens automatically so you don't need to refresh it yourself. Packages are available for Debian (Buster or newer), Ubuntu (19.10 or newer), Amazon Linux 2, Mac OS (via Homebrew), and a few other operating systems, or you can download binary releases from the releases page.
C:\WINDOWS\system32>docker rm -f $(docker ps -qa)
unknown shorthand flag: 'q' in -qa)
See 'docker rm --help'.
If the issue is caused in Windows OS then try to run the command in PowerShell with Admin Privileges
It worked for me.
When I try to execute this command:
> aws ecr get-login --no-include-email --region us-east-1
I keep getting the error message:
> Unknown options: --no-include-email
I followed the instructions here: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
to update my aws cli to the latest version:
> pip install awscli --upgrade --user
but the problem persists.
I am completely blocked, as there's no other way that I can use to push my docker images to Amazon ECR.
My environment is the following:
Windows 10 Pro
Version 1607
64 bits
aws-cli/1.11.89 Python/2.7.9 Windows/8 botocore/1.5.52
Docker version 17.06.0-ce, build 02c1d87
I found a workaround which was to just use the regular command:
> ecr get-login --region us-east-1
And then I removed the part:
>...-e none...
from the docker login command that was generated and ran it like that and I was able to login into my aws ecr repositories.
If you get rid of the email option, you might have a return line including a ''-e none'' that you dont want you can sed it
aws ecr get-login --youroptions | sed 's/\-e none//g'
I'm trying to push a docker image to the AWS ECR repository using the aws-cli.
I just run the get-login command
execute the output (which returns login succeeded)
then try to push a docker image then I get the
message:
denied: Your Authorization Token has expired. Please run
'aws ecr get-login' to fetch a new one.
I don't know whats going wrong, I'm pushing to the right repo, the time on my mac is correct.
This was working before, but since I reinstalled my mac and upgraded to macOS Sierra it's not working anymore, so probably related to that.
My aws --version output:
aws-cli/1.11.34 Python/2.7.10 Darwin/16.3.0 botocore/1.4.91
The complete output of the commands I run:
$ aws ecr get-login --region eu-west-1
docker login -u AWS -p AQECAHh....b6Wk -e none https://1234567890.dkr.ecr.eu-west-1.amazonaws.com
$ docker login -u AWS -p AQECAHh....b6Wk -e none https://1234567890.dkr.ecr.eu-west-1.amazonaws.com
Flag --email has been deprecated, will be removed in 1.13.
Login Succeeded
$ docker push 1234567890.dkr.ecr.eu-west-1.amazonaws.com/service-web:latest
The push refers to a repository [1234567890.dkr.ecr.eu-west-1.amazonaws.com/service-web]
c1f87971dfa9: Preparing
2eb644aea3de: Preparing
9c8843ffe48e: Preparing
39bb58d049d4: Preparing
f053bc969599: Preparing
7169084246b8: Waiting
bb134a1936fd: Waiting
184e76848a1c: Waiting
75c8fcf65748: Waiting
eb9b9ee1ea58: Waiting
f4bf35723edd: Waiting
ddffe1a64b3c: Waiting
fd1a1154db16: Waiting
b542e946067a: Waiting
d49ed2a5e1ed: Waiting
bb39b980367a: Waiting
25b8358d062f: Waiting
997eee521fc7: Waiting
50b5447183a8: Waiting
4339b5cb0e1d: Waiting
3dbd4a53b21b: Waiting
2bec16216500: Waiting
b9fd8e264df6: Waiting
b6ca02dfe5e6: Waiting
denied: Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one.
Neither of solutions above worked for my but I found that when I set region in ecr login command it worked.
aws ecr get-login --region us-west-2
You might just be running the command and not pasting the command that is echo'd out from that command back into the terminal. Easy mistake to make. Once you run:
aws ecr get-login --no-include-email --region us-east-1
It will print out another command to run, you'll need to copy that command and run it in your terminal to authenticate fully.
Or a cool shortcut is to just pipe the echo'd command back into the shell with:
aws ecr get-login --no-include-email --region us-east-1 | sh
Latest versions of Docker use a new credentials storage feature which has a bug where doing a docker login with a URL that specifies a protocol will result in token expiration errors. This issue will be fixed in Docker 1.13.
For the time being, the workaround is to execute your login commands without specifying the protocol.
So in the command blob returned by aws ecr get-login:
docker login -u AWS -p AQECAHh....b6Wk -e none https://1234567890.dkr.ecr.eu-west-1.amazonaws.com
Should be replaced with this:
docker login -u AWS -p AQECAHh....b6Wk -e none 1234567890.dkr.ecr.eu-west-1.amazonaws.com
Omitting the https://should make docker work for the time being.
This answer worked for me using the AWS CLI v2.0.26
https://github.com/aws/aws-cli/issues/4962#issuecomment-592064025
aws --region us-west-2 ecr get-login-password | docker login --username AWS --password-stdin xxxxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com
where us-west-2 is your region and the xxxxxxxxxxxxxx is your account ID found at the beginning of the line below "Repository Name" here: https://us-west-2.console.aws.amazon.com/ecr/create-repository?region=us-west-2
You need to refresh your authorization token every 12 hours try:
$(aws ecr get-login --no-include-email --region us-east-1) - change region according to your configuration
Simple Command:
password=$(aws ecr get-login-password --region us-east-1)
echo $password | docker login --username AWS --password-stdin 787566098823.dkr.ecr.us-east-1.amazonaws.com
Just had the same issue on Linux Mint 18.1 (Ubuntu 16.04) with AWS ECR and latest Docker 17.06.1-ce used via latest Python Docker client 2.5.1. Login worked, push failed.
Removal of ~/.docker/config.json helped. It only contained, probably stale, authorisation token.
I don't think it has something to do with underlying OS. In my case it worked previously and the only change I can recall was upgrade from Ubuntu repo's docker.io 1.12 to Docker repo's docker-ce 17.06.
You get also the message "Your Authorization Token has expired" if you have more than one credentials in ~/.aws/credentials (path depending on your os) and forget to add the --p flag.
Use this command to get login:
aws ecr get-login --region eu-west-1 -p <yourprofilename>
I've had luck using eval. For example,
$ aws ecr get-login --region us-east-1 --no-include-email --profile username_env
Didn't work.
$ eval $(aws ecr get-login --region us-east-1 --no-include-email --profile username_env)
Did work.
The following steps worked for me. First, run
aws ecr get-login --region us-west-2
You will get an output which returns:
docker login -u AWS -p AQECAHh....b6Wk -e none 1234567890.dkr.ecr.eu-west-1.amazonaws.com
Now, remove "-e none" from the above result and run the command again.
You will be able to login successfully.
Now, try pushing your docker image and it will work!
In my case the issue was multiple credentials in ~/.aws/credentails so I used --profile
aws ecr get-login --no-include-email --region us-east-2 --profile xxxx
This worked for me.
I just wanted to post the official migration link as I believe it'll be most up to date if things change:
https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html#cliv2-migration-ecr-get-login
It states
$(aws ecr get-login --no-include-email)
should be replaced by
aws ecr get-login-password | docker login --username AWS --password-stdin MY-REGISTRY-URL
This is due to potential password exposure in the CLI. It's worth mentioning you can migrate to the new method from CLI version 1.17.10 for a smooth migration to 2.X
I was also getting the same error, below is the solution I have tried and it is working:
1. Run command:
aws ecr get-login --no-include-email --region ap-southeast-1 (change region as per your repository)
2. you will get output something like:
docker login -u AWS -p xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== https://youraccountid.dkr.ecr.ap-southeast-1.amazonaws.com
Remove "https://" and then run the command as
docker login -u AWS -p xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== youraccountid.dkr.ecr.ap-southeast-1.amazonaws.com
And it will work and you will be able to push the image.
This happened when I was trying to push/pull from a registry in another AWS account. I needed to run get-login with the --registry-ids flag, passing in the ID of the registry I wanted to log into.
Most of the above solutions won't be working if you aws-cli/2.0.0
For me, I have aws-cli/2.0.0 Python/3.8.1 Darwin/19.4.0 botocore/2.0.0dev4
What worked for was to do re-login.
If you are on aws-cli/2.0.0 then the following might work for you as well.
aws ecr get-login-password |docker login --username AWS --password-stdin $IMAGE_PATH
I faced the same issue when I tryed to push one of my App docker image to ECR. I was able to solve it by applying the following steps:
Generate access keys and secret keys to make programmatic calls to
AWS from the AWS CL. You can generate access keys and secret keys from Identity and Access Management(IAM). Store those keys for future use.
Run aws configure in your console utilizing those access keys and
secret keys also provide the correct region.
Run the following command to retrieve an authentication token and
authenticate your Docker client to your registry.
aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin #####.dkr.ecr.ap-south-1.amazonaws.com
Now build and push the docker image to ECR
I was using the stable version of docker for mac Version 1.12
I just upgraded to the beta version Version 1.13.0-rc4-beta34.1 (14853)
and now it all works as intended.
So if there are people with the same issue, make sure you use docker for mac version 1.13 or higher, if 1.13 isn't released yet, switch to the beta version.
This is the current format I believe, assuming you're trying to get access for Docker:
aws ecr get-login-password \
--region REGION \
| docker login \
--username AWS \
--password-stdin ACCESS_ID.dkr.ecr.REGION.amazonaws.com
I know the post is related to MacOS Sierra, but for those who have the problem on Windows, I performed the following:
1) aws ecr get-login, this command will output a long string
docker login -u AWS -p eyJwYXlsb2FkIjoiUXBnQ2FTV1B6Q1JqZGlH......(Omitted the whole line for better understanding) -e none https://xxxxxxx.dkr.ecr.us-east-1.amazonaws.com.
2) Copy and paste the above line (perhaps -e none won't work, so remove it too). The output will show a warning followed by a success:
WARNING! Using --password via the CLI is insecure. Use --password-stdin
Login Succeeded
If you need to use a secure way, use the --password-stdin
3) Now you can safely push the image
-docker push xxxxxxx.dkr.ecr.us-east-1.amazonaws.com/ecfs-test
0429f33dd264: Pushed
48accfb13167: Pushed
f3bb6dd29c05: Pushed
e58ae65fa4eb: Pushed
3c6037fae296: Pushed
3efd1f7c01f6: Pushed
73b4683e66e8: Pushed
ee60293db08f: Pushed
9dc188d975fd: Pushed
58bcc73dcf40: Pushed
latest: digest: sha256:4354d137733c98a1bc8609d2d2f8e97316373904e size: 2404
Maybe this solution will work on Mac too.
The problem is because the aws ecr get-login command retrieves a token that is valid for a specified registry for 12 hours, and then it prints a docker login command with that authorization token and we are not executing that command that we get back.
We need to execute this printed command to log in to your registry with Docker. In my case , I am using eval to execute the printed command that I get back from the aws ecr get-login like this:
eval $(aws ecr get-login --region eu-west-1 --profile )
This issue usually happens when you take a lot of time without accessing your CLI terminal. For this reason when you come back to your CLI, you need to login again.
For your case MacOs/Linux, Please use the following command to establish a fresh login session.
aws ecr get-login-password --region [Your Region] | sudo docker login --username AWS --password-stdin [IAM User Id].dkr.ecr.[Your Region].amazonaws.com
Please replace the placeholders with your relevant values.
I did this and it works:
first, run this command:
aws configure
in order to obtain your
Access key ID:
and
Secret access key:
2- Go to IAM->Users->"your user"->Security credentials-> Create Access Key
and chose your region
then click enter
now run this command again
aws ecr get-login-password | docker login --username AWS --password-stdin `Your repositoryUri`
When performing an unauthenticated pull from an Amazon ECR Public repository, you receive an authentication token expired response. This is likely due to the fact that you've previously requested an authentication token from Amazon ECR Public and that token has expired. When the new Amazon ECR Public image pull is performed, the expired token is used and the error is received.
To resolve this, log your Docker CLI out of the Amazon ECR Public registry and re-attempt your unauthenticated image pull like:
docker logout public.ecr.aws
https://docs.aws.amazon.com/AmazonECR/latest/public/public-troubleshooting.html
A warning: aws ecr get-login does not appear to connect to AWS servers and appears to work even if you have bad AWS access/secret keys or even if you have forgotten to enter your AWS access/secret keys as environmental variables.
It will still happily give you a long password without providing an error. The message, then, you get from AWS is an expiration error instead of a more correct and helpful "authorization incorrect."
Note: Using aws-cli version 1.11.112.
Another solution variant for this particular error is a missing --registry-ids argument to the aws ecr get-login invocation.
The full get-login invocation would be something like:
eval "$(aws ecr get-login --no-include-email \
--region us-east-1 \
--registry-ids 11223344 \
)"
Please substitute your own region and registry ID values.
The question mentions that login had succeeded but docker push had failed.
The two possible reasons for the above condition are:
The AWS credentials are expired. Go to the AWS console or use aws-cli to generate a new pair. Store them in the environment or in ~/.aws/credentials file.
You might be using the wrong AWS credentials from a different account. Temporarily set AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, and AWS_REGION with credentials of account where ECR repository exists.
ECR repositories which are associated with an account works only with those account's credentials
Always make sure which AWS credentials are being used for the operation.
Check environment variables and ~/.aws/credentials to confirm it.
This is what worked for me. I was using Docker for Windows. The problem appeared to be with the docker configuration. In particular with how the credentials were stored. If you look in ~/.docker/config.json, it might look something like this:
{
"auths": {
"XXXX.dkr.ecr.us-east-1.amazonaws.com": {}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (windows)"
},
"credsStore": "desktop",
"stackOrchestrator": "swarm"
}
if you delete credStore line and try login in again with
docker login -u AWS -p "XXX...the really long password ehre..XXX" https://XXXX.dkr.ecr.us-east-1.amazonaws.com
, you will should see something like this
{
"auths": {
"XXXX.dkr.ecr.us-east-1.amazonaws.com": {
"auth": "XXX...the really long password ehre..XXX"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (windows)"
},
"stackOrchestrator": "swarm"
}
Annoyingly, I have to do this each time, as docker adds the credStore line back in again
I was getting this error because I have multiple profiles. The profile flagged solved it for me:
$(aws ecr get-login --no-include-email --region us-west-2 --profile xxxx)
In my case the bellow script worked for aws version aws-cli/2.0.8
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${aws_account_id}.dkr.ecr.${region}.amazonaws.com
aws ecr get-login seems not to be supported anymore.
I had to use get-login-password instead:
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <ACCESS_ID>.dkr.ecr.<REGION>.amazonaws.com
From OSX, I'm just following the guide you can find here (detailed repro steps below): https://console.aws.amazon.com/ecs/home?region=us-east-1#/repositories/create
aws-cli/1.10.24 Python/2.7.10 Darwin/15.4.0 botocore/1.4.15
Docker version 1.11.1, build 5604cbe (The new beta)
Everything goes fine until the push command, which fails with:
no basic auth credentials
I saw someone w/ the same error here: Can't push image to Amazon ECR - fails with "no basic auth credentials" Unfortunately, my issue doesn't seem to have to do with mismatched access keys. I've reset them several times to check.
Here are the steps I've taken:
➜ eval $(aws ecr get-login --region us-east-1)
Warning: '-e' is deprecated, it will be removed soon. See usage.
Login Succeeded
~/projects/pw/docker/aws-wordpress ‹master ✗› (ruby-2.3.1) (5.11.0) ()
➜ docker build -t testing .
Sending build context to Docker daemon 38.91 kB
Step 1 : FROM wordpress:latest
---> 81aa77247862
...etc...
Removing intermediate container c5849505c95d
Successfully built 63b304c8227a
~/projects/pw/docker/aws-wordpress ‹master ✗› (ruby-2.3.1) (5.11.0) ()
➜ docker tag testing:latest MYACCOUNT.dkr.ecr.us-east-1.amazonaws.com/testing:latest
~/projects/pw/docker/aws-wordpress ‹master ✗› (ruby-2.3.1) (5.11.0) ()
➜ docker push MYACCOUNT.dkr.ecr.us-east-1.amazonaws.com/testing:latest
The push refers to a repository [MYACCOUNT.dkr.ecr.us-east-1.amazonaws.com/testing]
d80ff78e2dbe: Preparing
...etc...
23b28a7c4771: Waiting
6eb35183d3b8: Waiting
no basic auth credentials
To be able to push to ecr, you need to log into the ecr docker repo.
For that you will need to setup ur access key (with privilege to ecr) using aws configure.
and then execute
eval $(aws ecr get-login --region us-east-1)
once successful, you should see
Login Succeeded
As a complement to Shibashis, you can try adding -no-include-email:
eval $(aws ecr get-login --no-include-email | sed 's|https://||')
For more clarity,
Before using the push command did you do docker login to AWS from your terminal?
If you are wondering how you can get the login cmd, did you notice that AWS itself generates this command by aws ecr get-login this command?
Do docker login -u AWS -p <hashpassword-from-aws-ecr-cmd>
and do
docker push <ecr-repo-url>
Cheers!
I'm having trouble getting started with ECR because the login command generated by
aws ecr get-login
returns:
Warning: '-e' is deprecated, it will be removed soon. See usage.
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Unfortunately, the documentation for ECR doesn't acknowledge this as possible issue. Has anyone here experienced this before and if so what did you do to fix it? For reference I've setup AWS CLI with an IAM user that has policies for full EC2/ECR permissions attached. I've also created a permissions statement on the ECR registry that allows my IAM user full rights.
Docker service is not running on your machine.
You will be able to login/connect to ECR, only when the docker process is running.
You need to add --no-include-email, like:
$ aws ecr get-login --no-include-email --region us-east-1
As i updgraded Docker to version 17.06.2-ce, this deprecation notice moved to be an error :
unknown shorthand flag: 'e' in -e
See 'docker login --help'.
The cause is the "aws ecr get-login" command returing an invalid parameter ("-e none"). Before this docker version, it was a warning / depreciation error, now docker failed with a return code of 125.
To prevent this, I log on ECR with this command :
$> $(aws ecr get-login | sed -e "s/-e none//g")