Problem in getting result from 'aws ecr get-login'

Question

I am getting following error when given following command.

aws ecr get-login --region eu-central-1

Error

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:iam::314xxxx91079:user/git is not authorized to perform: ecr:GetAuthorizationToken on resource: *

My admin has given me access for this 'GetAuthorizationToken' resource.

Most probably what I think the problem is 'arn:aws:iam::314xxxx91079:user/git' user being used for this command. When I login into aws console, I see my user name (IAM) as follow.

[email protected]

How do I make 'get-login' to take this user name instead of user/git. I am very new to aws cli, and this command happens to be one of the build step.

Answer 1

For newer version just use

aws ecr get-login-password \
        --region us-east-1 | docker login \
        --username AWS \
        --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com

Answer 2

The AWS cli command looks good and the output should be similar to below

Sample output: 

docker login -u AWS -p password https://aws_account_id.dkr.ecr.eu-central-1.amazonaws.com

Please check if you have correctly set the AWS credentials for cli to use.

If not done, try below to configure the credentials

aws configure

AWS Access Key ID [None]: Access Key
AWS Secret Access Key [None]: Secret Key
Default region name [None]: eu-central-1
Default output format [None]: json

Note : This should be your default profile, else pass profile name as well for ecr get-login command

aws ecr get-login --region eu-central-1 --profile <profile name>

Hope this helps !!!

Answer 3

With newer versions of AWS CLI, we can request the password for ECR docker login with get-login-password and pipe the password to Docker login, something like:

aws ecr get-login-password \
    --region us-east-1 \
| docker login \
    --username AWS \
    --password-stdin 123456789101.dkr.ecr.us-east-1.amazonaws.com

Documentation: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecr/get-login-password.html

with CLI V2, following syntax is going to throw error:

$(aws ecr get-login --no-include-email --region us-east-1)

 aws ecr get-login --no-include-email --region us-east-1
 usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
 To see help text, you can run:
 aws help
 aws <command> help
 aws <command> <subcommand> help
 aws: error: argument operation: Invalid choice, valid choices are: