无法将图像推送到Amazon ECR -由于“没有基本的身份验证凭据”而失败

我正在尝试将docker映像推送到Amazon ECR注册表。我使用docker客户端docker版本1.9.1，构建a34a1d5。我使用aws ecr get-login -region us-east-1来获得docker登录信用。然后我成功登录这些学分如下:

docker login -u AWS -p XXXX -e none https://####.dkr.ecr.us-east-1.amazonaws.com
WARNING: login credentials saved in /Users/ar/.docker/config.json
Login Succeeded

但当我试图推动我的图像，我得到以下错误:

$ docker push ####.dkr.ecr.us-east-1.amazonaws.com/image:latest
The push refers to a repository [####.dkr.ecr.us-east-1.amazonaws.com/image] (len: 1)
bcff5e7e3c7c: Preparing 
Post https://####.dkr.ecr.us-east-1.amazonaws.com/v2/image/blobs/uploads/: no basic auth credentials

我确保aws用户具有正确的权限。我还确保存储库允许用户推送到它。为了确保这不是一个问题，我将注册表设置为允许所有用户完全访问。没有什么可以改变“no basic auth credentials”错误。我不知道如何开始调试，因为所有的流量都是加密的。

更新

So I had a bit of Homer Simpson D'Oh moment when I realized the root cause of my problem. I have access to multiple AWS accounts. Even though I was using aws configure to set my credentials for the account where I had setup my repository the aws cli was actually using the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. So when I did aws ecr get-login it was returning a login for the wrong account. I failed to notice that the account numbers were different until I just went back now to try some of the proposed answers. When I remove the environment variables everything works correctly. I guess the motto of the story is if you hit this error, make sure that the repository you are logging into matches the tag you have applied to the image.

当前回答

我不得不运行aws ecr get-login-password，因为aws cli已弃用get-login命令。

此外，在这个版本中，用户名被强制硬编码为AWS。

下面是适用于aws-cli/2.0.58的命令。

aws ecr get-login-password --region region_y | docker login --username AWS --password-stdin account_x.dkr.ecr.region_y.amazonaws.com

登录成功

2020-11-30 22:00:58

其他回答

执行该命令后:

(aws ecr get-login -no-include-email -region us-west-2)

只需从输出中运行docker登录命令

docker login -u AWS -p epJ....

docker登录ECR的方式是什么

2018-10-21 23:38:10

如果ecr登录失败，通常会抛出此错误。我使用的是windows系统，我在管理员模式下使用“Powershell”首先登录到ecr。

Invoke-Expression $(aws ecr get-login --no-include-email)

这应该会输出“Login succeeded”。

2019-12-09 02:12:10

## If you are using 2FA in AWS : To authenticate Docker and AWS

Open Ubuntu shell or similar. (Not Windows CMD or Powershell) Run the command down below aws sts get-session-token --serial-number "User ARN" --token-code "code_from_authenticator" create temp (mfa) profile in "C:\Users\user.aws\credentials" and use the output from number 2. [mfa] aws_access_key_id = xxxx aws_secret_access_key =xxxx aws_session_token = xxx region = your region aws ecr get-login --profile mfa copy the output from 4. and run login command (delete the -e None) part Receive Successful Login! run the aws push commands

2022-10-19 14:11:44

我也遇到过同样的问题，我犯的错误是使用了错误的回购路径

例如:docker push xxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/jenkins:latest

在上面的路径中，这是我犯的错误:在“dkr.ecr.us-east-1.amazonaws.com”而不是“west”。我用的是“东方”。一旦我纠正了我的错误，我就可以成功地推送图像了。

2017-01-04 13:13:21

如果这对谁有帮助的话……

我的问题是，我必须使用——profile选项，以便使用来自凭证文件的正确配置文件进行身份验证。

接下来，我忽略了——region [region_name]命令，这也给出了“no basic auth credentials”错误。

我的解决方案是改变我的命令:

Aws ecr get-login

Aws——profile [profile_name] ecr get-login——region [region_name]

例子: