이미지를 Amazon ECR로 푸시 할 수 없음-“기본 인증 자격 증명이 없음”으로 실패

이미지를 Amazon ECR로 푸시 할 수 없음-“기본 인증 자격 증명이 없음”으로 실패

---

도커 이미지를 Amazon ECR 레지스트리로 푸시하려고합니다. Docker 클라이언트 Docker 버전 1.9.1, 빌드 a34a1d5를 사용하고 있습니다. "aws ecr get-login --region us-east-1"을 사용하여 docker login creds를 얻습니다. 그런 다음 다음과 같이 해당 cred에 성공적으로 로그인합니다.

docker login -u AWS -p XXXX -e none https://####.dkr.ecr.us-east-1.amazonaws.com
WARNING: login credentials saved in /Users/ar/.docker/config.json
Login Succeeded

그러나 이미지를 푸시하려고하면 다음 오류가 발생합니다.

$ docker push ####.dkr.ecr.us-east-1.amazonaws.com/image:latest
The push refers to a repository [####.dkr.ecr.us-east-1.amazonaws.com/image] (len: 1)
bcff5e7e3c7c: Preparing 
Post https://####.dkr.ecr.us-east-1.amazonaws.com/v2/image/blobs/uploads/: no basic auth credentials

AWS 사용자에게 올바른 권한이 있는지 확인했습니다. 또한 리포지토리에서 해당 사용자가 푸시 할 수 있도록했습니다. 문제가 아닌지 확인하기 위해 모든 사용자에게 모든 액세스 권한을 허용하도록 레지스트리를 설정했습니다. "기본 인증 자격 증명 없음"오류는 변경되지 않습니다. 모든 트래픽이 암호화되어 있기 때문에 디버깅을 시작하는 방법을 모르겠습니다.

최신 정보

그래서 나는 내 문제의 근본 원인을 깨달았을 때 약간의 호머 심슨 도모 순간을 보냈습니다. 여러 AWS 계정에 액세스 할 수 있습니다. aws configure를 사용하여 리포지토리를 설정 한 계정의 자격 증명을 설정했지만 AWS CLI는 실제로 환경 변수 AWS_ACCESS_KEY_ID 및 AWS_SECRET_ACCESS_KEY를 사용하고있었습니다. 그래서 내가 aws ecr get-login을했을 때 잘못된 계정에 대한 로그인을 반환했습니다. 제안 된 답변 중 일부를 시도하기 위해 방금 돌아갈 때까지 계좌 번호가 다르다는 것을 알지 못했습니다. 환경 변수를 제거하면 모든 것이 올바르게 작동합니다. 이야기의 좌우명은이 오류가 발생하면 로그인 한 저장소가 이미지에 적용 한 태그와 일치하는지 확인하십시오.

---

당신이 $(aws ecr get-login --region us-east-1)그것을 실행 하면 모두 당신을 위해 수행됩니다

---

제 경우에는 Docker for Windows의 버그와 Windows 자격 증명 관리자에 대한 지원이었습니다.

당신을 열고 항목을 ~/.docker/config.json제거하십시오 "credsStore": "wincred".

이로 인해 자격 증명이 config.json직접 작성 됩니다. 나중에 다시 로그인해야합니다.

GitHub 의 티켓 # 22910 및 # 24968 을 통해이 버그를 추적 할 수 있습니다.

---

프로필을 사용하는 경우로 전달 --profile=XXX하는 것을 잊지 마십시오 aws ecr get-login.

---

나는이 문제도 가지고 있었다. 나에게 일어난 일은 내가 달린 후에 나에게 돌아온 명령을 실행하는 것을 잊었다는 것입니다.

aws ecr get-login --region ap-southeast-2

이 명령은 큰 얼룩을 반환했으며 여기에는 docker login명령 이 포함되어 있습니다! 나는 몰랐다. 다음과 같이 반환해야합니다.

docker login -u AWS -p <your_token_which_is_massive> -e none <your_aws_url>

이 명령을 복사하여 붙여 넣은 다음 다음과 같은 docker push 명령을 실행하십시오.

docker push 8888888.blah.blah.ap-southwest-1.amazonaws.com/dockerfilename

---

권한을 열지 않아도 작동했을 것입니다. 개인 레지스트리 인증 문서를 참조하십시오 .

[편집 : 실제로, 두 번째 테스트를 수행 할 때 권한 문제도있었습니다. 잘못된 형식의 JSON으로 실패한 AWS ECR 개인 저장소에 대한 Docker 푸시 참조 )]

그럼에도 불구하고 나는 같은 문제가 있었다. 왜 그런지 모르겠지만 문서에 설명 된 더 긴 인증 메커니즘을 get-authorization-token에 성공적으로 사용했습니다.

AWS CLI 및 Docker 버전 :

$ aws --version
aws-cli/1.9.17 Python/2.7.6 Linux/3.16.0-38-generic botocore/1.3.17
$ docker --version
Docker version 1.9.1, build a34a1d5

인증 토큰 ( '도커 비밀번호')을 가져옵니다.

aws ecr get-authorization-token --region us-east-1 --output text \
    --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2

참고 : 내 ~ / .aws / config는 다른 기본 지역을 지정하므로 명시 적으로 설정해야했습니다 --region us-east-1.

대화 형으로 로그인 ( ############AWS 계정 ID로 변경 ) :

docker login -u AWS https://############.dkr.ecr.us-east-1.amazonaws.com/
password: <paste the very long password from above>
email: <I left this blank>

도커 이미지를 만들었다 고 가정하면 이미지를 푸시합니다 test.

docker tag test:latest ############.dkr.ecr.us-east-1.amazonaws.com/test:latest
docker push ############.dkr.ecr.us-east-1.amazonaws.com/test:latest
The push refers to a repository [910732017890.dkr.ecr.us-east-1.amazonaws.com/test] (len: 1)
d5122f58a2e1: Pushed 
7bddbca3b908: Pushed 
latest: digest: sha256:bc0b521fd398bd1a2ef58a289dcb910334608723fd570e7bddb36eacd0060363 size: 4378

---

시도해보십시오 :

eval $(aws ecr get-login --no-include-email | sed 's|https://||')

푸시하기 전에.

---

누군가를 돕는다면 ...

내 문제는 --profile자격 증명 파일에서 적절한 프로필로 인증하기 위해 옵션 을 사용해야한다는 것 입니다.

다음으로 --region [region_name]"기본 인증 자격 증명 없음"오류가 발생 하는 명령 을 생략했습니다 .

나를위한 해결책은 다음과 같이 명령을 변경하는 것입니다.

aws ecr get-login

이에:

aws --profile [profile_name] ecr get-login --region [region_name]

예:

aws --profile foo ecr get-login --region us-east-1

누군가를 돕는 희망!

---

Windows의 wincred credential manager에 알려진 버그가 있습니다. 생성 된 로그인 명령에서 'https : //'를 제거하면이 문제가 해결됩니다.

docker login -u AWS -p <password> <aws_account_id>.dkr.ecr.<region>.amazonaws.com

대신에

docker login -u AWS -p <password> https://<aws_account_id>.dkr.ecr.<region>.amazonaws.com

문제 해결 페이지 도 참조 하십시오 .

---

나는 같은 문제를 경험했다.

Generating new AWS credentials (access keys) and reconfiguring AWS CLI with new credentials resolved the problem.

Earlier, aws ecr get-login --region us-east-1 generated docker login command with invalid EC registry URL.

---

1. Make sure you have created the ECR registry first.
   Then as per the ECR Push Command Instructions, cut and paste the following commands
2. Execute the docker login command (eval on Mac/Linux skips the cut-and-paste)
   eval $(aws ecr get-login --region us-east-1)
   add --profile if you use multiple AWS Accounts
   eval $(aws ecr get-login --region us-east-1 --profile your-profile)
3. docker build -t image-name .
4. docker tag image-name:latest ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latest
5. docker push ############.dkr.ecr.us-east-1.amazonaws.com/image-name:latest

In case of error, make sure you run all the commands again! The credentials you get using aws ecr get-login are temporary and will expire.

---

In my case, after running aws ecr get-login --no-include-email --region *****, I just copied the output of that command with is of the form docker login -u *** -p ************, and you paste it in the prompt. The pushing went ahead.

---

The AWS documents tell you to execute the following command (for ap-southeast-2 region)

aws ecr get-login --region ap-southeast-2

When I bumped into this issue, it wasn't clear to me based on that docs that you need to enter the result of this command into the terminal and execute it.

Fix that worked for me to was to copy the result to the clipboard with

aws ecr get-login --region ap-southeast-2 | pbcopy

Paste the result into the command line and execute it

---

After run this command:

(aws ecr get-login --no-include-email --region us-west-2)

just run the docker login command from the output

docker login -u AWS -p epJ....

is the way that docker login into ECR

---

I had this issue with a different cause: I needed to push to a registry not associated with my AWS Account (a client's ECR registry). The client had granted me access under the Permissions tab for the registry, by adding my IAM id (e.g., arn:aws:iam::{AWS ACCT #}:user/{Username}) as a Principal. I tried to login with the usual steps:

$(aws ecr get-login --region us-west-2 --profile profilename)
docker push {Client AWS ACCT #}.dkr.ecr.us-west-1.amazonaws.com/imagename:latest

Which of course resulted in no basic auth credentials. As it turns out, aws ecr get-login logs you in to the ECR for the registry associated your login, which makes sense in retrospect. The solution is to tell aws ecr get-login which registry(s) you want to log in to.

$(aws ecr get-login --region us-west-2 --profile profilename --registry-ids {Client AWS ACCT #})

After that, docker push works just fine.

---

On Windows in PowerShell, use:

Invoke-Expression $(aws ecr get-login --no-include-email)

---

The docker command given by aws-cli is little off...

When using docker login, docker will save a server:key pair either in your keychain or ~/.docker/config.json file

If it saves the key under https://7272727.dkr.ecr.us-east-1.amazonaws.com the lookup for the key during push will fail because docker will be looking for a server named 7272727.dkr.ecr.us-east-1.amazonaws.com not https://7272727.dkr.ecr.us-east-1.amazonaws.com.

Use the following command to login:

eval $(aws ecr get-login --no-include-email --region us-east-1 --profile yourprofile | sed 's|https://||')

Once you run the command you will get 'Login Succeeded' message and then you are good
after that your push command should work

---

I ran into this issue as well running on OSX. I saw Oliver Salzburg's response and checked my ~/.docker/config.json. It had multiple authorization credentials inside it from the different AWS accounts I have. I deleted the file and after running get-login again it worked.

---

I faced the same issue and the mistake I did was using the wrong repo path

eg: docker push xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins:latest

In the above path this is where I've done the mistake: In "dkr.ecr.us-east-1.amazonaws.com" instead of "west". I was using "east". Once I corrected my mistake, I was able to push the image successfully.

---

My issue was having multiple AWS credentials; default and dev. Since I was trying to deploy to dev this worked:

$(aws ecr get-login --no-include-email --region eu-west-1 --profile dev | sed 's|https://||')

---

FWIW, Debian 9, Docker version 18.06.1-ce, build e68fc7a:

$(aws ecr get-login | sed 's| -e none | |g')

---

If you use multiple profiles and you need to login to a profile that is not your default one, you need to login with this command:

$(AWS_PROFILE=<YOUR PROFILE> aws ecr get-login --no-include-email --region eu-west-1)

---

we also encounter this issue today and tried everything mentionned in this post (except generating AWS credentials).

We finally solved the problem by simply upgrading Docker, then the push worked.

The problem was encountered with Docker 1.10.x and was solved with Docker 1.11.x.

Hope this helps

---

If you are isolating AWS Accounts for CI/CD purpose and having one ECR repository shared among multiple AWS Accounts, you might need to change the ~/.docker/config.json manually.

Let's say you have these setups:

1. ECR is owned by AWS Account ID 00000000000000
2. CI server is owned by AWS Account ID 99999999999999

If you call aws ecr get-login --region us-west-2 | bash within your CI server, docker will generate temporary credentials in ~/.docker/config.json.

{
  "auths": {
    "https://99999999999999.dkr.ecr.us-west-2.amazonaws.com": {
      "auth": "long-token.."
    }
  }
}

But you want to point to the ECR's account, so you need to change the hostname.

{
  "auths": {
    "https://00000000000000.dkr.ecr.us-west-2.amazonaws.com": {
      "auth": "long-token.."
    }
  }
}

Note this situation relies how you form IAM user / policy to allow ECR access.

---

You have to make sure you have logged in using correct credentials, See the offical error description and checks here

http://docs.aws.amazon.com/AmazonECR/latest/userguide/common-errors-docker.html

Fixing "no basic authentication" is described in the link

---

Make sure you use the correct region in aws ecr get-login, it must match the region in which your repository is created.

---

aws ecr get-login --region us-west-1 --no-include-email

This command gives me correct command to login. If you dont use "--no-include-email",it will throw another error. Output of the above command looks like this docker login -u AWS -p **********************very big******. Copy that and execute it. Now it will show "Login Succeeded". Now you can push your image to ECR.

Make sure that your AMI rule has the permission for the user you tried to login.

---

Simply run whatever returned in step one would fix the issue.

---

That error message is coming from docker and it not necessarily related to AWS as I have gotten same error when not using AWS ... its just saying docker is not getting authorization to proceed from whatever source of auth it happens to be using

In my case, in test I removed directory ~/.docker and got that error ... after I bounced my local docker registry then docker push was fine

---

In my case (and probably in all cases), this error resulted from having multiple AWS accounts. So, AWS ECR is not using the right aws credentials assosciated with the aws account.

I tried multiple solutions mentioned here, but did not succeed. It worked after using tokens instead of username and password. I got it working following the instructions here. https://btburnett.com/2017/01/docker-login-for-amazon-aws-ecr-using-windows-powershell.html

---

I add the region option and everything works then fine for me:

aws ecr get-login --no-include-email --region eu-west-3

참고URL : https://stackoverflow.com/questions/34689445/cant-push-image-to-amazon-ecr-fails-with-no-basic-auth-credentials