Help us understand the problem. What is going on with this article?

【備忘録】AWS ECRにdocker pushした際にno basic auth credentialsとなった場合の解決方法

More than 1 year has passed since last update.

問題点

ECRにコンテナイメージをdocker pushした際にno basic auth credentialsとなってしまい、pushが出来なかった。

$ aws ecr get-login --no-include-email --region ap-northeast-1
docker login -u AWS -p xxxxx== https://xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com

$ docker login -u AWS -p xxxxx== https://xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com
Login Succeeded

$ docker push xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/xxxxx:latest
The push refers to repository [xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/xxxxx]
dbee35a328d0: Preparing
77bf014019f2: Preparing
82cdb9879505: Preparing
...

no basic auth credentials

参考

Amazon ECR 使用時の Docker コマンドのエラーのトラブルシューティング - Amazon ECR

公式サイトのトラブルシューティングではno basic auth credentialsの原因がいくつか取り上げられていたが、自分の環境では該当しそうなものがなかった。

  • 別のリージョンに対して認証されている
  • トークンの有効期限が切れた。
  • wincred 認証情報マネージャーのバグ

原因

docker pushを実行してる環境のアクセスキーが別アカウントのものになっていた。

docker pushを実行してる環境のアクセスキー情報

$ aws configure
AWS Access Key ID [****************IUJD]:
AWS Secret Access Key [****************EuiN]:
Default region name [ap-northeast-1]:
Default output format [json]:

ECRを利用しているAWSコンソールのアクセスキー情報

ecr.png

解決方法

AWS CLIにECRを利用いているAWSアカウントのアクセスキーを設定して、 Dockerクライアントの認証とプッシュコマンドを再度実行したらdocker pushが成功した。

$ aws configure
AWS Access Key ID [****************IUJD]: ****************IXYQ
AWS Secret Access Key [****************EuiN]: ********************
Default region name [ap-northeast-1]:
Default output format [json]:
$ aws ecr get-login --no-include-email --region ap-northeast-1
docker login -u AWS -p xxxxx== https://xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com

$ docker login -u AWS -p xxxxx== https://xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com
Login Succeeded

$ docker push xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/xxxxx:latest
The push refers to repository [xxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/xxxxx]
dbee35a328d0: Pushed
77bf014019f2: Pushed
82cdb9879505: Pushed
...

latest: digest: sha256:d4c79d7f9b26762a139b150fdf65fa55c47d1673f4cc55659ed9969ddf03db8b size: 5947
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away