Cannot click image on Amazon ECR - fails "without basic credentials"

if you run $(aws ecr get-login --region us-east-1) , everything will be done for you

I also had this problem. What happened to me, I forgot to run a team that was returned to me after I launched

 aws ecr get-login --region ap-southeast-2 

This command returned a big blob that includes the docker login right there! I did not understand. It should return something like this:

 docker login -u AWS -p <your_token_which_is_massive> -e none <your_aws_url> 

Copy and paste this command, and then run the push docker command, which looks something like this:

 docker push 8888888.blah.blah.ap-southwest-1.amazonaws.com/dockerfilename 

This should have worked even without opening permissions. See Documentation: Private Registry Authentication .

[Edit: in fact, I had permission problems while running the second test. See Docker push to AWS ECR private repo with error with invalid JSON ).]

However, I had the same problem; I don't know why, but I have successfully used the longer auth mechanism described in the docs for get-authorization-token

AWS CLI and Docker versions:

 $ aws --version aws-cli/1.9.17 Python/2.7.6 Linux/3.16.0-38-generic botocore/1.3.17 $ docker --version Docker version 1.9.1, build a34a1d5 

Get authentication token ("docker password").

 aws ecr get-authorization-token --region us-east-1 --output text \ --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2 

Note. My ~ / .aws / config indicates a different default area, so I had to explicitly set --region us-east-1 .

Enter interactive mode (change ############ to your AWS account ID):

 docker login -u AWS https://############.dkr.ecr.us-east-1.amazonaws.com/ password: <paste the very long password from above> email: <I left this blank> 

Click the image (assuming you made the docker test image):

 docker tag test:latest ############.dkr.ecr.us-east-1.amazonaws.com/test:latest docker push ############.dkr.ecr.us-east-1.amazonaws.com/test:latest The push refers to a repository [910732017890.dkr.ecr.us-east-1.amazonaws.com/test] (len: 1) d5122f58a2e1: Pushed 7bddbca3b908: Pushed latest: digest: sha256:bc0b521fd398bd1a2ef58a289dcb910334608723fd570e7bddb36eacd0060363 size: 4378 

Try:

 eval $(aws ecr get-login --no-include-email | sed 's|https://||') 

before pressing.

If this helps someone ...

My problem was that I had to use the --profile option to authenticate using the appropriate profile from the credential file.

Then I omitted the command --region [region_name] , which also --region [region_name] error "no major authorization errors".

The solution for me changed my command:

aws ecr get-login

For this:

aws --profile [profile_name] ecr get-login --region [region_name]

Example:

aws --profile foo ecr get-login --region us-east-1

Hope this helps someone!

I experienced the same problem.

Creating new AWS credentials (passkeys) and migrating AWS CLI with new credentials resolved the issue.

Previously, aws ecr get-login --region us-east-1 generated a docker login command with an invalid EC registry URL.

There is a known bug in the wincred credential manager on Windows. Removing "https: //" from the generated login command enables this.

 docker login -u AWS -p <password> <aws_account_id>.dkr.ecr.<region>.amazonaws.com 

instead

 docker login -u AWS -p <password> https://<aws_account_id>.dkr.ecr.<region>.amazonaws.com 

See also the troubleshooting page .

• First, make sure you create the ECR registry.
  Then, in accordance with ECR Push Command instructions, cut and paste the following commands
• Running docker login command (eval on Mac / Linux skips cutting and pasting)
  eval $(aws ecr get-login --region us-east-1)
  add -profile if you use multiple AWS accounts
  eval $(aws ecr get-login --region us-east-1 --profile your-profile)
• docker build -t image-name .
• docker tag image-name:latest ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latest
• docker push ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latest

In case of an error, make sure that you run all the commands again! The credentials you use with aws ecr get-login are temporary and expire.

In my case, after running aws ecr get-login --no-include-email --region ***** , I just copied the output of this command with docker login -u *** -p ************ and you insert it into the tooltip. The push went forward.

In AWS docs, you are asked to run the following command (for the ap-south-2 region)

 aws ecr get-login --region ap-southeast-2 

When I came across this problem, it was not clear to me, based on these documents, that you need to enter the result of this command into the terminal and execute it.

The fix I worked with was to copy the result to the clipboard using

 aws ecr get-login --region ap-southeast-2 | pbcopy 

Paste the result into the command line and execute it

After running this command:

(aws ecr get-login --no-include-email --region us-west-2)

just run docker login command from output

docker login -u AWS -p epJ....

this is a way to log into a docker in ECR

I had this problem for another reason: I needed to click on a registry that was not associated with my AWS account (client ECR registry). The client granted me access on the Permissions tab for the registry by adding my IAM identifier (for example, arn:aws:iam::{AWS ACCT #}:user/{Username} ) as the Principal. I tried to log in with the usual steps:

 $(aws ecr get-login --region us-west-2 --profile profilename) docker push {Client AWS ACCT #}.dkr.ecr.us-west-1.amazonaws.com/imagename:latest 

Which, of course, led to no basic auth credentials . As it turns out, aws ecr get-login writes you to the ECR for the registry associated with your username, which makes sense in retrospect. The solution is to tell aws ecr get-login which registry you want to enter.

 $(aws ecr get-login --region us-west-2 --profile profilename --registry-ids {Client AWS ACCT #}) 

After that, docker push works just fine.

The docker command provided by aws-cli is not very convenient ...

When using Docker login, Docker will save a couple of servers: the key in your keychain or in the ~ / .docker / config.json file.

If it stores the key in https://7272727.dkr.ecr.us-east-1.amazonaws.com search for the key during push will fail, because docker will look for the server with the name 7272727.dkr.ecr.us-east-1.amazonaws.com not https://7272727.dkr.ecr.us-east-1.amazonaws.com .

Use the following command to log in:

 eval $(aws ecr get-login --no-include-email --region us-east-1 --profile yourprofile | sed 's|https://||') 

As soon as you run the command, you will receive the message 'Login Succeeded' and then you are fine.
after that your push command should work

On Windows in PowerShell, use:

 Invoke-Expression $(aws ecr get-login --no-include-email) 

I ran into this problem and worked on OSX. I saw Oliver Salzburg's answer and checked my ~ / .docker / config.json file. He had several authorization credentials inside him from different AWS accounts. I deleted the file and after running get-login worked again.

I ran into the same problem and the error I made was to use the wrong repo path

e.g. docker push xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins:latest

In the above path, this is where I made a mistake: In "dkr.ecr.us-east-1.amazonaws.com" instead of "west" . I used " east" . As soon as I corrected my mistake, I was able to successfully click the image.

My problem was having multiple AWS credentials; default and dev. Since I tried to deploy dev, this worked:

 $(aws ecr get-login --no-include-email --region eu-west-1 --profile dev | sed 's|https://||') 

FWIW, Debian 9, Docker version 18.06.1-ce, build e68fc7a:

$(aws ecr get-login | sed 's| -e none | |g')

If you use multiple profiles and you need to log in to a profile that is not your default, you need to log in using this command:

 $(AWS_PROFILE=<YOUR PROFILE> aws ecr get-login --no-include-email --region eu-west-1) 

we also run into this problem today and have tried everything that was mentioned in this post (except for generating AWS credentials).

We finally resolved the issue by simply updating Docker, then clicking a button.

The problem ran into Docker 1.10.x and was resolved using Docker 1.11.x.

Hope this helps

If you isolate AWS accounts for CI / CD purposes and have one ECR repository common to multiple AWS accounts, you may need to manually modify ~/.docker/config.json .

Let's say you have the following settings:

• ECR belongs to AWS account ID 00000000000000
• CI Server 99999999999999 AWS Account ID 99999999999999

If you call aws ecr get-login --region us-west-2 | bash aws ecr get-login --region us-west-2 | bash to its CI server, docker will generate temporary credentials in ~/.docker/config.json .

 { "auths": { "https://99999999999999.dkr.ecr.us-west-2.amazonaws.com": { "auth": "long-token.." } } } 

But you want to point to the ECR account, so you need to change the host name.

 { "auths": { "https://00000000000000.dkr.ecr.us-west-2.amazonaws.com": { "auth": "long-token.." } } } 

Please note that this situation depends on how you configure the IAM user / policy to allow access to ECR.

You must make sure that you are logged in using the correct credentials, see the official error description and check here

http://docs.aws.amazon.com/AmazonECR/latest/userguide/common-errors-docker.html

Fixing "no basic authentication" is described in the link

Make sure you use the correct region in aws ecr get-login , it must match the region in which your repository is created.

 aws ecr get-login --region us-west-1 --no-include-email 

This command gives me the correct command to login. If you do not use "--no-include-email", this will cause another error. The output of the above command looks like this AWS -p docker-up entry *********************** is very large ******. Copy this and run it. Now it will show "Login Succeeded". Now you can push your image to ECR.

Make sure your AMI rule has permission for the user you tried to log in to.

Just run everything that was returned in the first step to fix the problem.

This error message comes from docker, and it is not necessarily related to AWS, since I got the same error when I did not use AWS ... it just says that docker does not receive authorization to go from any auth source that it uses

In my case, in the test, I deleted the ~ / .docker directory and got this error ... after I dropped the local docker registry, clicking on the docker was great.

In my case (and probably in all cases) this error occurred due to having multiple AWS accounts. Therefore, AWS ECR does not use the correct aws credentials associated with the aws account.

I tried several solutions mentioned here, but failed. It worked after using tokens instead of username and password . I got his job by following the instructions here. https://btburnett.com/2017/01/docker-login-for-amazon-aws-ecr-using-windows-powershell.html