{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叼着烟拽天下 的问题《Can't push image to Amazon ECR - fails with “n》','https://www.manongdao.com/q-134819.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to push a docker image to an Amazon ECR registry. I'm using docker client Docker version 1.9.1, build a34a1d5. I use "aws ecr get-login --region us-east-1" to get the docker login creds. I then successfully login with those creds as follows:
docker login -u AWS -p XXXX -e none https://####.dkr.ecr.us-east-1.amazonaws.com
WARNING: login credentials saved in /Users/ar/.docker/config.json
Login Succeeded
But when I try to push my image I get the following error:
$ docker push ####.dkr.ecr.us-east-1.amazonaws.com/image:latest
The push refers to a repository [####.dkr.ecr.us-east-1.amazonaws.com/image] (len: 1)
bcff5e7e3c7c: Preparing
Post https://####.dkr.ecr.us-east-1.amazonaws.com/v2/image/blobs/uploads/: no basic auth credentials
I made sure that the aws user had the correct permissions. I also made sure that the repository allowed that user to push to it. Just to make sure that wasn't an issue I set the registry to allow all users full access. Nothing changes the "no basic auth credentials" error. I don't know how to begin to debug this since all the traffic is encrypted.
UPDATE
So I had a bit of Homer Simpson D'Oh moment when I realized the root cause of my problem. I have access to multiple AWS accounts. Even though I was using aws configure to set my credentials for the account where I had setup my repository the aws cli was actually using the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. So when I did aws ecr get-login it was returning a login for the wrong account. I failed to notice that the account numbers were different until I just went back now to try some of the proposed answers. When I remove the environment variables everything works correctly. I guess the motto of the story is if you hit this error, make sure that the repository you are logging into matches the tag you have applied to the image.
This should have worked even without opening up the permissions. See the documentation: Private Registry Authentication.
[Edit: actually, I had permissions problems too when doing a second test. See Docker push to AWS ECR private repo failing with malformed JSON).]
Nevertheless I had the same problem; I don't know why, but I successfully used the more long-winded auth mechanism described in the docs for get-authorization-token
AWS CLI and Docker versions:
Get the auth token ('docker password').
Note: My ~/.aws/config specifies a different default region, so I needed to explicitly set
--region us-east-1.Log in interactively (change
############to your AWS account id):Push an image (assuming you've made a docker image
test):I add the region option and everything works then fine for me:
I experienced the same issue.
Generating new AWS credentials (access keys) and reconfiguring AWS CLI with new credentials resolved the problem.
Earlier,
aws ecr get-login --region us-east-1generated docker login command with invalid EC registry URL.if you run
$(aws ecr get-login --region us-east-1)it will be all done for youThen as per the ECR Push Command Instructions, cut and paste the following commands
eval $(aws ecr get-login --region us-east-1)add --profile if you use multiple AWS Accounts
eval $(aws ecr get-login --region us-east-1 --profile your-profile)docker build -t image-name .docker tag image-name:latest ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latestdocker push ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latestIn case of error, make sure you run all the commands again! The credentials you get using
aws ecr get-loginare temporary and will expire.Simply run whatever returned in step one would fix the issue.