"no basic auth credentials" when trying to pull an image from a private ECR

16,618

There are multiple ways to do it.

Using an AWS access key and secret key: you set the AWS credentials on the EC2 machine and run the ECR login command, aws ecr get-login --no-include-email --registry-ids <some-id> --region eu-west-1, and then docker pull should work. But this is not a recommended secure way.

What I prefer is using AWS IAM roles.

Assuming you want to pull this image on your EC2 machine that was brought up using Terraform, make use of IAM roles.

  • Create an IAM role manually or using the Terraform IAM resource.
  • For the contents of the IAM policy, refer to this.
  • While bringing up the EC2 instance using the Terraform instance resource, make use of the iam_instance_profile attribute; the value of this attribute should be the name of the IAM role you created.

This should be enough to automatically pull docker images from ECR in a secure way.

Hope this helps.
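
The three steps in the answer above, written out as Terraform. This is an added example, not code from the answer or from AWS. The resource names, the account id 123456789012, the repository prod/example-app and the AMI id are placeholders, and the policy shown is an assumed minimal pull-only policy, since the answer's policy link is not on this page.

```hcl
# Added example: all names, the account id, repository and AMI are placeholders.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "ecr_pull" {
  # The token call cannot be scoped to a repository, so it needs "*".
  statement {
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
  # Read-only layer and manifest access, limited to one repository.
  statement {
    actions = [
      "ecr:BatchCheckLayerAvailability",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
    ]
    resources = ["arn:aws:ecr:ap-southeast-1:123456789012:repository/prod/example-app"]
  }
}

resource "aws_iam_role" "ecr_pull" {
  name               = "ec2-ecr-pull"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy" "ecr_pull" {
  name   = "ecr-pull-only"
  role   = aws_iam_role.ecr_pull.id
  policy = data.aws_iam_policy_document.ecr_pull.json
}

resource "aws_iam_instance_profile" "ecr_pull" {
  name = "ec2-ecr-pull"
  role = aws_iam_role.ecr_pull.name
}

resource "aws_instance" "builder" {
  ami                  = "ami-PLACEHOLDER"
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.ecr_pull.name
}
```

With the profile attached, the AWS CLI or the ECR credential helper on the instance obtains the registry token from the instance role's temporary credentials, so no access key or secret key is stored on the machine.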


Admin
Author by

Admin

Updated on June 04, 2022

Comments

  • Admin
    Admin about 2 years

    I have the following line somewhere in the middle of my Dockerfile to retrieve an image from my private ECR.

    FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401
    

    This is the error that I get in AWS Codebuild when trying to build this:

    Step 21/36 : FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401
    Get https://**********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************/manifests/ff03401: no basic auth credentials

    How can one provide these credentials in the most secure way, and in a way that can also be terraformed?

    • prayagupa
      prayagupa over 4 years
      It's crazy that docker pull <ID>.dkr.ecr.us-east-1.amazonaws.com/my-base-image:1.0.0 works but the same thing in a Dockerfile with FROM <ID>.dkr.ecr.us-east-1.amazonaws.com/my-base-image:1.0.0 does not
  • Admin
    Admin almost 5 years
    Thanks! I tried the easy way first (aws ecr get-login) but still failed, posted a new question here: stackoverflow.com/questions/56973938/…