ECRPushImage and ECRPullImage Task is Not Able to Push Image in me-south-1 (Bahrain) region

[amantcs]

Hi Team,

I am building an Azure DevOps pipeline to push a docker image to the ECR repository in the Bahrain region, however, I am able to push images to other regions but when I select Bahrain, it fails with the below error:

[error]Error: Failed to obtain authorization token to log in to ECR, error: UnrecognizedClientException: The security token included in the request is invalid

This error we are getting only when we are selecting the Bahrain region in the task drop-down.

When manually trying to push the image it works fine from aws cli

Edit: I just tried PullImage task with Bahrain region, but got the same error. But when I used other regions, image pulled without any error. Not sure what is blocking this AWS Toolkit tasks to use Bahrain region.

[justinmk3]

related: https://github.com/aws/aws-toolkit-azure-devops/issues/483

[amantcs]

Hi @justinmk3 this issue is not related to #483 . In my case, permissions are working fine, but toolkit tasks are not working for Bahrain region only. I further checked that it is giving an error that the authorization token is not valid. I suspect that because the Bahrain region uses regional sts endpoint to generate the token, this extension is marking them invalid. It is only supporting the token generated from global endpoints. I may be wrong but please check this once. We have a compliance requirement to use the Bahrain region only. Thanks.

[jainanuj94]

we are also facing a similar issue for ap-south-1 (Mumbai) region.

[rowanfreeman-acutro]

I have a solution that worked for me here: https://github.com/aws/aws-toolkit-azure-devops/issues/547#issuecomment-2002664946