Docker Community Forums

Docker push to ECR failing with "no basic auth credentials"

If it's not too late: after scratching my head over this issue, the solution was just to copy and paste the output of aws ecr get-login --no-include-email --region *****, which is of the form docker *** and some very long alphanumeric passphrase. It is kind of like your credentials for your repo. Do not put in your DockerHub credentials, as that just won’t work.

3 Likes

Steps to set up the credential helper on Ubuntu.

This assumes you have Docker installed and AWS credentials available in the ~/.aws/credentials file.

  1. Clone the git repository https://github.com/awslabs/amazon-ecr-credential-helper.git
  2. cd to the cloned folder “amazon-ecr-credential-helper”
  3. Run the command “make docker” in the terminal
  4. It will create the binary “./bin/local/docker-credential-ecr-login”
  5. Copy this binary to /usr/bin/lib with the command “sudo cp ./bin/local/docker-credential-ecr-login /usr/bin/lib/docker-credential-ecr-login”
  6. Create or modify the docker config.json file available at /.docker/config.json with the below content
  {
      "credsStore": "ecr-login"
  }

Then try pushing the Docker image to the AWS ECR repository.

Ravneet Arora(DevOps)

That solved it for me. Great

After running this command:

(aws ecr get-login --no-include-email --region us-west-2)

just run the docker login command from the output:

docker login -u AWS -p epJ....

That is the way Docker logs in to ECR.

2 Likes

Yes, this is a root cause. This worked for me. Spent a couple of hours on this.

On Mac OS X, removing “credsStore”: “osxkeychain” from config.json worked for me.
Thank you all.

This worked fine except for one thing. I have multiple AWS profiles.
The solution for me looked like this:
eval $(aws ecr get-login --no-include-email --profile myprofilename | sed 's|https://||')

Hi. If you already have a repository for your containers in the repositories tab here https://eu-west-3.console.aws.amazon.com/ecr/ but can’t push, you are probably doing something wrong with the tagging of the container, or have login issues. For now the ECR service page has a nice tooltip which has all the available commands, step by step, that you need directly for your repository and containers.
To see that tab you need to:

  1. Go to https://eu-west-3.console.aws.amazon.com/ecr/repositories
  2. Select your repository
  3. Click the ‘View push commands’ button
  4. A tooltip with commands will appear. Try it step by step and see if that solves your problem.

In my case it was a typo in the container name, but when I followed the tooltip commands, it started to work for me!

This step solved my issue

I had this problem too on Windows. When you open the push commands modal on the AWS ECR website it defaults to Mac OS/Linux. The commands will run but don’t actually work. Make sure to switch to the Windows instructions. Worked much better.

Maybe my stupidity will help someone else.

Thanks a lot, it worked for me as well!

Before using the push command, did you do a docker login to AWS from your terminal?
If you are wondering how you can get the login cmd, did you notice that AWS itself generates this command via the aws ecr get-login command?

Do docker login -u AWS -p <hashpassword-from-aws-ecr-cmd>

and do

docker push <ecr-repo-url>

Cheers!

I was running into the same issue, and I figured out that it was because the region I was using in the command was not consistent, so please make sure you are using the same region for each command. The commands that I was using:

  1. $(aws ecr get-login --no-include-email --region ap-southeast-2)
  2. docker build -t rest-sample .
  3. docker tag rest-sample:latest 12345.dkr.ecr.ap-southeast-2.amazonaws.com/xxx/rest-sample:latest
  4. docker push 12345.dkr.ecr.ap-southeast-2.amazonaws.com/xxx/rest-sample:latest

Hope it would help.

That is the answer I was looking for as well. Thx!

#1 install python 3
#2 install pip3
#3 install aws-cli
pip3 install awscli --upgrade --user

#4 configure aws-cli with your IAM access keys, secret and REGION
aws configure

#5 get AWS ECR login
aws ecr get-login

I found that this was an issue with the package of docker installed. On Ubuntu “apt-get install docker” installs the Docker CE. On Centos “yum install docker” installs https://cbs.centos.org/koji/buildinfo?buildID=24652. The versions show completely different packages which is why the docker push (after docker login) was failing. I simply uninstalled docker and installed “yum install docker-ce” and the “no basic auth” error no longer showed up - see details below.

If you have 1.13 you’ll need to re-install to fix the “no basic auth” message when using “docker push”:
[root@container-from-centos]# docker -v
Docker version 1.13.1, build b2f74b2/1.13.1

[root@container-from-ubuntu:16.04]# docker -v
Docker version 18.09.7, build 2d0083d

FROM https://docs.docker.com/v17.09/engine/installation/linux/docker-ce/centos/ AND in a docker centos container do:

  1. yum remove docker docker-common docker-selinux docker-engine
  2. yum-config-manager --add-repo [see documentation for url]
  3. yum install -y docker-ce

Now the version is good and we can push to ECR:
[root@container-from-centos]# docker -v
Docker version 18.09.7, build 2d0083d

  1. aws configure
  2. $(aws ecr get-login | sed -e 's/-e none//g')
  3. docker push [ECR_URI]/foo/bar-image

There have been several replies which seem to solve this problem, but the root of what the OP was looking for appears to be the need to authorize with ECR itself.

Summary of the solution: run this at the command line, replacing <region> with the region you are using in AWS.

aws ecr get-login --region <region> --no-include-email

This will output a command which you can then copy/paste to authenticate into AWS ECR to push your image. It will look like:

docker login -u AWS -p password https://aws_account_id.dkr.ecr.us-east-1.amazonaws.com

Link to the docs (AWS ECR registry authorization):
https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth

1 Like

Wow, that’s what I was missing. I am on Windows 10 Pro with WSL. I tried to use the git repo https://github.com/awslabs/amazon-ecr-credential-helper and
modified .docker/config.json, but it does not work. It worked well with the tooltips.

How to signup for trial mode? What’s the cost? and is there any software available for cnc machine?

I was having a similar issue and the resolution was to change my ~/.docker/config.json auth section to include https:// in the link to my registry (not Amazon). By default Docker wrote it in the file with no protocol. I think it was trying to use basic authorization because SSL was not specified. I am new to this so I hope that made sense.
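
The causes reported in this thread (a credsStore or credential helper entry, a login made for a different region than the image tag, an auths key stored without https://) can all be checked from the Docker config file before pushing. The following is an added example, not code from any of the posts or from Docker or AWS; the function names and the sample config are constructed for illustration, and it assumes a fully qualified image reference.

```python
import json
import re
import shutil

# ECR registry hosts look like <account>.dkr.ecr.<region>.amazonaws.com
ECR_HOST = re.compile(r"^(\d+)\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com$")

def registry_host(ref):
    """Registry host of a fully qualified image reference or an auths key."""
    return re.sub(r"^https?://", "", ref).split("/", 1)[0]

def diagnose(config_text, image_ref, which=shutil.which):
    """Return findings describing where Docker would look for credentials."""
    cfg = json.loads(config_text)
    host = registry_host(image_ref)
    # A per-registry credHelpers entry takes precedence over the global credsStore.
    helper = cfg.get("credHelpers", {}).get(host) or cfg.get("credsStore")
    if helper:
        # Helpers are separate binaries named docker-credential-<name> on PATH.
        binary = f"docker-credential-{helper}"
        state = "found" if which(binary) else "NOT found"
        return [f"credentials delegated to {binary} ({state} on PATH)"]
    keys = {registry_host(k): k for k in cfg.get("auths", {})}
    if host in keys:
        # One reply in the thread reports that a key without https:// failed for them.
        note = "" if keys[host].startswith("https://") else " (key has no https:// scheme)"
        return [f"login entry present for {host}{note}"]
    findings = [f"no login entry for {host}: run docker login for this registry"]
    want = ECR_HOST.match(host)
    for other in keys:
        have = ECR_HOST.match(other)
        # Same account, different region: the login and the tag do not match.
        if want and have and have.group(1) == want.group(1) and have.group(2) != want.group(2):
            findings.append(f"logged in to region {have.group(2)} but pushing to {want.group(2)}")
    return findings

# Constructed sample: login was done for us-west-2, image is tagged for ap-southeast-2.
SAMPLE_CONFIG = json.dumps(
    {"auths": {"https://12345.dkr.ecr.us-west-2.amazonaws.com": {"auth": "<redacted>"}}}
)
SAMPLE_IMAGE = "12345.dkr.ecr.ap-southeast-2.amazonaws.com/xxx/rest-sample:latest"

if __name__ == "__main__":
    for line in diagnose(SAMPLE_CONFIG, SAMPLE_IMAGE):
        print(line)
```

The script only reads registry names and helper settings; it never decodes or prints the stored auth values.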