Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

no basic auth for ECR push causing failure

dclark_talentwave
dclark_talentwave
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 18, 2019

I have a java service that I am trying to create a pipeline to build, create a docker image, tag and push to my ECR.

 

Steps so far: 

Created IAM account with AmazonEC2ContainerRegistryPowerUser privileges.

Created the following repository variables in Bitbucket: 

  • AWS_REGISTRY_URL
  • AWS_DEFAULT_REGION
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

I have the following bitbucket-pipelines.yml:

image: openjdk:8

pipelines:
  default:
    - step:
        caches:
          - gradle
        script:
          - bash ./gradlew build -x test
branches:
  develop:
      - step:
          image: openjdk:8
          services:
            - docker
          script:
            - docker version
            - echo "This script runs only on commit to the develop branch."
            - bash ./gradlew build  -x test


            # Login to AWS
#            - export LOGIN=$(aws ecr get-login --no-include-email --region us-west-1)
#            - $LOGIN
            - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)

            # build docker image
            - docker build -t my-image .

            # tag and push docker images to ECR
            - docker tag icverify-gateway:latest xxxxxxxxxxx.amazonaws.com/my-image:qa
            - docker push xxxxxxxxxxx.amazonaws.com/my-image:qa

            # register the ECS task definition and capture the version
            - export IMAGE_NAME=xxxxxxxxxxx.amazonaws.com/my-image:qa
            - export TASK_VERSION=$(aws ecs register-task-definition --family my-image -- container-definitions "[]")



I then get the following on code commit:

+ docker push xxxxxxxxxxx.amazonaws.com/my-image:qa
The push refers to repository [xxxxxxxxxxx.amazonaws.com/my-image]
ac079aa23bfa: Preparing
ceaf9e1ebef5: Preparing
9b9b7f3d56a0: Preparing
f1b5933fe4b5: Preparing
no basic auth credentials

 

Answer
Watch
Like Sarah Dwyer likes this
5766 views

2 answers

0 votes
James Lewis
James Lewis
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 15, 2021

There seems to be two main reasons this issue occurs. Both possible issues are with the aws ecr get-login command. Make sure yours is formatted like this:

eval $(aws ecr get-login --no-include-email --region YOUR-REGION-HERE | sed 's|https://||')

Note: make sure to change the region from YOUR-REGION-HERE to the one you are trying to deploy to. For me this is --region ap-southeast-2

 

Here is a more detailed explanation of what could be going on:

1. the docker command given by aws cli is slightly off. (as mentioned here)

While you can read the full reasoning in the post I linked all you need to know is that the aws ecr get-login command needs to be wrapped like so (see parts in bold):

eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')

^ make sure to change your region to the correct one as I will talk about below.

2. No region is specified so it defaults to us-east. In my case, I wanted to deploy to ap-southeast-2 but I didn't specify it. make sure to include the following flag after your get-login statement.

--region ap-southeast-2

Here are my working bitbucket-pipelines for an ECR deploy:

image: python:3.7.4-alpine3.10

pipelines:

  tags:

    ecr-release-*:

      - step:

          services:

            - docker

          caches:

            - pip

          script:

            - pip3 install awscli

            - IMAGE="SOME-RANDOM-NUMBER.dkr.ecr.ap-southeast-2.amazonaws.com/YOUR-REPO-NAME"

            - TAG=${BITBUCKET_BRANCH:-$BITBUCKET_TAG}

            - aws configure set aws_access_key_id "${AWS_KEY}"

            - aws configure set aws_secret_access_key "${AWS_SECRET}"

            - eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')

            - docker build -t $IMAGE:$TAG .

            - docker push $IMAGE:$TAG
Reply
0 votes
davina
davina
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 25, 2019

 

Hey @dclark_talentwave 

It's hard to say without seeing all the details, but a common fix is adding `| sed 's|https://||'` to your `eval` command.

You might find more clues in this thread.

View More Comments
dclark_talentwave
dclark_talentwave
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 26, 2019

Thank you, I added that to my login but I get the same error.  I am strictly using user/pass for authentication here - but is a cert required for this to work?  

Like • Sarah Dwyer likes this
Eric Wein
Eric Wein
Contributor
March 4, 2020

Did you find a solution? I'm having the same issue.

Like • Sarah Dwyer likes this
Sarah Dwyer
Sarah Dwyer April 27, 2020

Likewise I'm encountering the very same issue, can the documentation be updated to reflect the pipeline requirements?

Like • Todd_Schroeder likes this
Todd_Schroeder
Todd_Schroeder
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 11, 2020

Same issue here...

Like • Vitaliy Shpelyk likes this
Todd_Schroeder
Todd_Schroeder
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 11, 2020 edited

@davina  This is what I am getting from the output before the "no basic auth credentials":

Command:

eval $(aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin ${AWS_REGISTRY_URL}) | sed 's|https://||'

Error:

bash: aws: command not foundError: Cannot perform an interactive login from a non TTY device

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.