Docker Community Forums

Share and learn in the Docker community.

Docker push to ECR failing with "no basic auth credentials"

docker
aws

(Boonjooce) #1

Hi guys, I’m pretty new to Docker and AWS’s ECR however, I’m stuck at pushing a Docker image to a repository I’ve created in AWS.

docker push xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins:latest
The push refers to a repository [xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins]
0fa94963ca33: Preparing
d5a08e31d0b0: Preparing
e726a835dee1: Preparing
9caddb0afad8: Preparing
b991ba946d1e: Preparing
2b6e8b3ec89c: Preparing
9b5807c51cc3: Preparing
2e72cd7de4f4: Preparing
31bc90a229cc: Preparing
c5dda694f21c: Waiting
de174b528b56: Waiting
579acd833b28: Waiting
2c969ffc364b: Waiting
122dbad0a7b2: Waiting
446c0d4b63e5: Waiting
338cb8e0e9ed: Waiting
d1c800db26c7: Waiting
42755cf4ee95: Waiting
no basic auth credentials

Docker login works
I believe I have given my user the correct permissions in AWS
I can create a repository in AWS ok: aws ecr create-repository --repository-name jenkins (for example) so I know I’m authenticated to my AWS account (and region) correctly. However, I can’t seem top push ANY images to AWS ECR. Fails every time with “no basic auth credentials”

Can anyone help or point me in the right direction ?

NB. My AWS environment variables are correct.

Thanks,
Tim


(Felixnext) #2

I just had the same issue. Solution was to adjust the ~/.docker/config.json to the following format:
{
“auths”: {
https://12345.dkr.ecr.eu-central-1.amazonaws.com”: {
“auth”: “QErf24…”
}
}
}


(Emillynge) #3

Your problem is that the docker command given by aws-cli is slightly off.

When using docker login, docker will save a server:key pair either in your ~.docker/config or your keychain.

If it saves the key under “https://12345.dkr.ecr.eu-central-1.amazonaws.com” the lookup for the key during push will fail because docker will be looking for a server named “12345.dkr.ecr.eu-central-1.amazonaws.comnothttps://12345.dkr.ecr.eu-central-1.amazonaws.com”.

The solution therefore is to use the following wrapper to log in:
eval $(aws ecr get-login | sed 's|https://||')

This command gets the login command, replaces https:// with `` (empty string) and evaluates the resulting command. This will store the received key under the correct server and you can use it for docker push.


(Emillynge) #4

I would really encourage you to move to an External Credential Store as the .docker/config saves your passwords in cleartext.
see http://www.projectatomic.io/blog/2016/03/docker-credentials-store/


(karthik veeragoni) #5

I faced the same issue and the mistake I did was using the wrong repo path
eg: docker push xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins:latest

In the above path this is where I’ve done the mistake: “dkr.ecr.us-east-1.amazonaws.com” instead of “west”. I was using “east”. Once I corrected my mistake, I was able to push the image succesfully.


(Rallampati) #6

Hi Guys, I got into the same issue like the other guys mentioned above. I’m getting “no basic auth credentials” when I tried to push my docker images to AWS ECR. I’m using docker toolbox -version 1.13.0, build 49bf474 on Windows 7. I followed the below steps to configure my docker cli with AWS ECR.

aws ecr get-login --registry-ids

docker login -u AWS -p -e none https://.dkr.ecr.us-west-2.amazonaws.com

I see the message “Login succeeded”. Also, config.json got updated with this auth key.

When I tried push the docker image using docker --config=config.json push .dkr.ecr.us-west-2.amazonaws.com/imagename:version, it failed with “no basic auth credentials”

23c0d04a137: Waiting
fe4c16cbf7a4: Waiting
no basic auth credentials

Can someone help me this problem?


(Maverik) #7

the credentials are the problem, the solution is to set them. in the error messages you may notice the statement that says run aws credentials. I just spotted it on my terminal!
try aws configure


(Ihulub) #8

To me the problem was the other way arround. I had to add “https://”, not remove it.


(Spotit3156) #9

adding --no-include-email as: eval $(aws ecr get-login --no-include-email | sed 's|https://||') did it for me


(Awsdevopro) #10

Just run the command given and it will work greatly. Thanks

eval $(aws ecr get-login --no-include-email | sed ‘s|https://||’)


(Rroxysam) #11

I got that issue no basic auth credentials after upgraded to latest macOS HIGH SIERRA.

my docker config file look like:
{ "credsStore" : "ecr-login" }

So What i did:
cd amazon-ecr-credential-helper && make docker TARGET_GOOS=darwin

After it will run it will gives you somthing like

docker run --rm \ -e TARGET_GOOS=darwin \ -e TARGET_GOARCH= \ -v /Users/sunnychauhan/amazon-ecr-credential-helper/bin:/go/src/github.com/awslabs/amazon-ecr-credential-helper/bin \ sha256:e2912bdc1c49ee05ab91b2654f3b3aff57a96c784cc41cf90174632db560a743 . ./scripts/shared_env && ./scripts/build_binary.sh ./bin/local Built ecr-login

And It worked like charm.


(Daniyelh) #12

This command also worked for me. I had to put --no-include-email and --region options as well.


(Rexsuecia) #13

FWIW it happened to me as well but I was using the wrong credentials. Adding --profile to the login command solved it for me.


(Zatziky) #14

I wasn’t able to resolve credentials in my CircleCI project. There is a special configuration section for AWS:


(Julien Nyambal) #15

If it not too late, after scratching my head around this issue, the solution was just to copy and paste the output of aws ecr get-login --no-include-email --region ***** which of the form docker *** and some very long alpha-numeric passphrase. It is kind of like your credentials for your repo. Do not put your DockerHub credentials as it won’t just work.


(Ravneetdevops) #16

Steps to set up Credential helper on Ubuntu.

This assumes, you have docker installed and AWS credentials available at: ~/.aws/credentials file

  1. Clone the git repository https://github.com/awslabs/amazon-ecr-credential-helper.git
  2. cd to the cloned folder “amazon-ecr-credential-helper”
  3. run the command on terminal “make docker”
  4. it will create the binary “./bin/local/docker-credential-ecr-login”
  5. Copy this binary to /usr/bin/lib with the command " sudo cp ./bin/local/docker-credential-ecr-login /usr/bin/lib/docker-credential-ecr-login
  6. Create or modify the docker config.json file available at /.docker/config.json with the below content
  {
      "credsStore": "ecr-login"
   }

then try pushing the docker image to AWS ECR repository

Ravneet Arora(DevOps)


(Guptapraveen12) #17

That solved it for me. Great


(Ingjavierr) #18

After run this command:

(aws ecr get-login --no-include-email --region us-west-2)

just run the docker login command from de output

docker login -u AWS -p epJ....

is the way that docker login into ECR


(Surajtikoo) #19

Yes this is a root cause. Worked for me by this.Spended couple of hours on this.