Docker push to ECR failing with "no basic auth credentials"

Thanks a lot it worked for me as well !

Before using the push command did you do docker login to AWS from your terminal?
If you are wondering how you can get the login cmd, did you notice that AWS itself generates this command by aws ecr get-login this command?

Do docker login -u AWS -p <hashpassword-from-aws-ecr-cmd>

and do

docker push <ecr-repo-url>


I was running into the same issue, and I figured out that it was because the region I was using in the command was not consistent, so please make sure you are using the same region for each command. The commands that I was using:

  1. $(aws ecr get-login --no-include-email --region ap-southeast-2)
  2. docker build -t rest-sample .
  3. docker tag rest-sample:latest
  4. docker push

Hope it would help.

That is the answer I was looking for as well. Thx!

#1 install python 3
#2 install pip3
#3 install aws-cli
pip3 install awscli --upgrade --user

#4 configure aws-cli with your IAM access keys, secret and REGION
aws configure

#5 get AWS ECR login
aws ecr get-login

I found that this was an issue with the package of docker installed. On Ubuntu “apt-get install docker” installs the Docker CE. On Centos “yum install docker” installs The versions show completely different packages which is why the docker push (after docker login) was failing. I simply uninstalled docker and installed “yum install docker-ce” and the “no basic auth” error no longer showed up - see details below.

If you have 1.13 you’ll need to re-install to fix the “no basic auth” message when using “docker push”:
[root@container-from-centos]# docker -v
Docker version 1.13.1, build b2f74b2/1.13.1

[root@container-from-ubuntu:16.04]# docker -v
Docker version 18.09.7, build 2d0083d

FROM AND in a docker centos container do:

  1. yum remove docker docker-common docker-selinux docker-engine
  2. yum-config-manager --add-repo [see documentation for url]
  3. yum install -y docker-ce

Now the version is good and we can push to ECR:
[root@container-from-centos]# docker -v
Docker version 18.09.7, build 2d0083d

  1. aws configure
  2. $(aws ecr get-login | sed -e ‘s/-e none//g’)
  3. docker push [ECR_URI]/foo/bar-image

There have been several replies which seem to solve this problem, but the root of what the OP was looking for appears to be the need to authorize with ECR itself.

Summary of solution, run this at the command line, replace <region> with the region you are using in AWS.

aws ecr get-login --region <region> --no-include-email

this will output a command which you can then copy/paste to authenticate into AWS ECR to push your image. It will look like:

docker login -u AWS -p password

Link to the docs (AWS ECR registry authorization):

Wow, Thats what i was missing, i am on windows 10 pro, WSL, i tried to use git repo
modified the .docker/config.json it does not work, it worked well with tooltips

How to signup for trial mode? What’s the cost? and is there any software available for cnc machine?

I was having a similar issue and the resolution was to change my ~/.docker/config.json auth section to include https:// to the link to my registry (not amazon.) . By default docker wrote it in the file with no protocol. I think it was trying to use basic authorization because ssl was not specified. I am a new to this so I hope that made sense.

Thanks a lot alexandrchervyak, this worked for me!

I was having a similar issue. In my case I have two AWS profiles and I was using the wrong one (default). So I used the following command first : export AWS_PROFILE=<my-profile-name> and then did the push. Then it worked !

An update to the solutions provided above

The latest version of AWS CLI no longer supports get-login. If you try any of the solutions above you might get the following error message: aws: error: argument operation: Invalid choice.

In AWS CLI version 2 or in v1.17.10 or later, you must use get-login-password in the following way [source]:

aws configure #if you haven't already
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>

This will fix OPs problem.

If you are still using an old version of AWS CLI just follow @dcoffey3296 's great answer:

aws configure #if you haven't already
aws ecr get-login  --region <region>  --no-include-email
#now paste the line returned in the previous command without the '-e none' part. This was deprecated long ago and it won't work with it
1 Like

Hi did you solve it? i have the same issue =(

Attaching policy “AmazonEC2ContainerRegistryPowerUser” to your Code build role “codebuild-PROJECT_NAMEservice-role” should solve the issue.

That tooltip saved me! thx friend

What is aws configure supposed to do? It seem to exist with status 255, which makes your pipeline fail.

Unrelated note: you might want to enable caching for the ~/.m2 folder of your pipeline to preven all dependencies to be pulled on every build.

Generaly the post is off-topic, as it is a problem within build specs of a AWS Code Build job.

Has anyone solved this problem on a Windows OS? I tried all the suggestions but none work and the ecr-credentials-helper doesn’t work for me as it’s not Win OS. :frowning:

Check that you ECR repository’s region is the same from the allowed user’s region. That was my case.

Hello spotit3156,

Thanks for the help. This --no-include-email has saved my life.