Open gondalez opened 2 years ago
I'm also on arm64 (Mac M1) and having a similar issue
Bump. Running into the same issue with SSO:
$ cat ~/.ecr/log/ecr-login.log
time="2023-04-28T12:20:09-07:00" level=debug msg="Retrieving credentials" region=us-east-1 registry=ACCOUNT_ID serverURL=ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com service=ecr
time="2023-04-28T12:20:09-07:00" level=debug msg="Checking file cache" registry=ACCOUNT_ID
time="2023-04-28T12:20:09-07:00" level=debug msg="Calling ECR.GetAuthorizationToken" registry=ACCOUNT_ID
time="2023-04-28T12:20:09-07:00" level=error msg="Error retrieving credentials" error="ecr: Failed to get authorization token: UnrecognizedClientException: The security token included in the request is invalid.\n\tstatus code: 400, request id: d7b1caf9-cea4-4910-aac9-024b9e97c8fa"
$ docker pull ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/eks-us-east-1:TAG
Error response from daemon: Head "https://ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/v2/REPO/manifests/TAG": no basic auth credentials
Bump also, same issue.
macOS Ventura 13.2.1, still on the intel silicon using the new 0.7.0 version too
I believe this commit fixed the problem as it was something in the dependency – however it's not yet in a new release.
Building directly from source fixes the issue for me.
Please make a new release of this lib :)
I'm also hitting this issue. Using aws ecr get-login-password
I can docker pull without any problems. I've installed from source just now using go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@latest
and I still face this issue.
docker config.json as below.
{
"credsStore": "ecr-login",
"credHelpers": {
"public.ecr.aws": "ecr-login",
"X.dkr.ecr.eu-west-1.amazonaws.com": "ecr-login"
}
}
Ubuntu 22.04 in Windows 11 WSL2
same here, it only works fine if i specify the AWS_PROFILE before the docker pull command. It's not getting the default profile otherwise.
Mac OS Sonoma 14.1.1
Edit: I solved it following these steps: https://github.com/awslabs/amazon-ecr-credential-helper/issues/229#issuecomment-1026149912 In particoular removing the credentials file from .aws folder
I set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables to solve it... Since I had aws configure
I think it should work out of the box
Hi,
When 0.6.0 came out we started using
amazon-ecr-credential-helper
instead of logging in viaaws ecr get-login-password
. (Thank you for the work to support SSO 🙏)Since then we have run into a perplexing issue. It works fine for some of our team, but others get an invalid request error in
~/.ecr/log/ecr-login.log
:Because it seems machine-specific so we tried clearing all cache dirs and files under
~/.aws/
and~/.ecr/
but the problem persists on the failing machine.We have tried
aws sso logout
and thenaws sso login
.Our aws sso accounts have exactly the same configuration for the team members that worked and that failed so it is does not seem to be a permissions error.
Also we were able to use the aws cli to perform the same operation that fails and received no error.
The error suggest the token is invalid, not that it is expired or that there is a permissions issue. My hunch is that the helper is extracting a token from the wrong place or not encoding it properly.
I'm hoping others have some insight?
We are running macs with Monterey, and for both the failing and the successful machines the config is this: