Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

no basic auth for ECR push causing failure

dclark_talentwave
dclark_talentwave June 18, 2019

I have a java service that I am trying to create a pipeline to build, create a docker image, tag and push to my ECR.

 

Steps so far: 

Created IAM account with AmazonEC2ContainerRegistryPowerUser privileges.

Created the following repository variables in Bitbucket: 

  • AWS_REGISTRY_URL
  • AWS_DEFAULT_REGION
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

I have the following bitbucket-pipelines.yml:

image: openjdk:8

pipelines:
  default:
    - step:
        caches:
          - gradle
        script:
          - bash ./gradlew build -x test
branches:
  develop:
      - step:
          image: openjdk:8
          services:
            - docker
          script:
            - docker version
            - echo "This script runs only on commit to the develop branch."
            - bash ./gradlew build  -x test


            # Login to AWS
#            - export LOGIN=$(aws ecr get-login --no-include-email --region us-west-1)
#            - $LOGIN
            - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)

            # build docker image
            - docker build -t my-image .

            # tag and push docker images to ECR
            - docker tag icverify-gateway:latest xxxxxxxxxxx.amazonaws.com/my-image:qa
            - docker push xxxxxxxxxxx.amazonaws.com/my-image:qa

            # register the ECS task definition and capture the version
            - export IMAGE_NAME=xxxxxxxxxxx.amazonaws.com/my-image:qa
            - export TASK_VERSION=$(aws ecs register-task-definition --family my-image -- container-definitions "[]")



I then get the following on code commit:

+ docker push xxxxxxxxxxx.amazonaws.com/my-image:qa
The push refers to repository [xxxxxxxxxxx.amazonaws.com/my-image]
ac079aa23bfa: Preparing
ceaf9e1ebef5: Preparing
9b9b7f3d56a0: Preparing
f1b5933fe4b5: Preparing
no basic auth credentials

 

Answer
Watch
Like Sarah Dwyer likes this
4386 views

2 answers

0 votes
James Lewis
James Lewis February 15, 2021

There seems to be two main reasons this issue occurs. Both possible issues are with the aws ecr get-login command. Make sure yours is formatted like this:

eval $(aws ecr get-login --no-include-email --region YOUR-REGION-HERE | sed 's|https://||')

Note: make sure to change the region from YOUR-REGION-HERE to the one you are trying to deploy to. For me this is --region ap-southeast-2

 

Here is a more detailed explanation of what could be going on:

1. the docker command given by aws cli is slightly off. (as mentioned here)

While you can read the full reasoning in the post I linked all you need to know is that the aws ecr get-login command needs to be wrapped like so (see parts in bold):

eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')

^ make sure to change your region to the correct one as I will talk about below.

2. No region is specified so it defaults to us-east. In my case, I wanted to deploy to ap-southeast-2 but I didn't specify it. make sure to include the following flag after your get-login statement.

--region ap-southeast-2

Here are my working bitbucket-pipelines for an ECR deploy:

image: python:3.7.4-alpine3.10

pipelines:

  tags:

    ecr-release-*:

      - step:

          services:

            - docker

          caches:

            - pip

          script:

            - pip3 install awscli

            - IMAGE="SOME-RANDOM-NUMBER.dkr.ecr.ap-southeast-2.amazonaws.com/YOUR-REPO-NAME"

            - TAG=${BITBUCKET_BRANCH:-$BITBUCKET_TAG}

            - aws configure set aws_access_key_id "${AWS_KEY}"

            - aws configure set aws_secret_access_key "${AWS_SECRET}"

            - eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')

            - docker build -t $IMAGE:$TAG .

            - docker push $IMAGE:$TAG
Reply
0 votes
davina
davina
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 25, 2019

 

Hey @dclark_talentwave 

It's hard to say without seeing all the details, but a common fix is adding `| sed 's|https://||'` to your `eval` command.

You might find more clues in this thread.

View More Comments
dclark_talentwave
dclark_talentwave June 26, 2019

Thank you, I added that to my login but I get the same error.  I am strictly using user/pass for authentication here - but is a cert required for this to work?  

Like Sarah Dwyer likes this
Eric Wein
Eric Wein March 4, 2020

Did you find a solution? I'm having the same issue.

Like Sarah Dwyer likes this
Sarah Dwyer
Sarah Dwyer April 27, 2020

Likewise I'm encountering the very same issue, can the documentation be updated to reflect the pipeline requirements?

Like Todd_Schroeder likes this
Todd_Schroeder
Todd_Schroeder May 11, 2020

Same issue here...

Like Vitaliy Shpelyk likes this
Todd_Schroeder
Todd_Schroeder May 11, 2020

@davina  This is what I am getting from the output before the "no basic auth credentials":

Command:

eval $(aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin ${AWS_REGISTRY_URL}) | sed 's|https://||'

Error:

bash: aws: command not foundError: Cannot perform an interactive login from a non TTY device

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events