Closed waiyanmin95 closed 5 hours ago
It would be really great if the debug logging around IMDS was improved while this is being 'fixed'. It look us far too long to figure out this was the issue...
I hit this problem too. I changed IMDSv2 session tokens to "required" and then amazon-ecr-credential-helper
version 0.6.0 stopped returning credentials. When I set the IMDS session tokens back to "optional" then the credential helper started returning credentials again.
I looked back in the issues and found #215 which indicates that amazon-ecr-credential-helper
should work with IMDSv2 since version 0.5.0. I'm not sure if this is a regression or if this functionality didn't work even in 0.5.0.
same for me,
trying using imds v2 but still got result :
$ echo "xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com" | docker-credential-ecr-login get
credentials not found in native keychain
any workaround to fix this issue?
I had this issue as well, but I noticed that my version of docker-credential-ecr-login
was old:
$ docker-credential-ecr-login -v
amazon-ecr-credential-helper
Version: 0.3.1
Git commit: b4a1707
I updated the binary in-place, after installing:
$ sudo curl https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-amd64/docker-credential-ecr-login -o `which docker-credential-ecr-login`
$ sudo chmod +x `which docker-credential-ecr-login`
And now it is working as expected on a machine that only supports IMDSv2!
I launched the latest Ubuntu 20.04 AMI on AWS and did a apt install -y amazon-ecr-credential-helper
and I confirmed that the version installed was 0.3.1
. My testing confirms that that version does NOT work with IMDSv2, but it was never advertised to. Only 0.5.0
and higher are supposed to work with IMDSv2.
I launched the latest Debian 12 AMI on AWS and did a apt install -y amazon-ecr-credential-helper
. That installs version 0.6.0
. My testing confirms that that version DOES work with IMDSv2.
I also tested with each of the binaries downloaded directly from the links at https://github.com/awslabs/amazon-ecr-credential-helper/releases. My tests confirm that 0.4.0 doesn't work with IMDSv2, but 0.5.0 and all later versions do work with IMDSv2.
My comment from 2022 indicates that either the amazon-ecr-credential-helper
package was mislabeled as 0.6.0
but didn't contain the 0.6.0
code, or I was somehow mistaken as to the version I installed. Since others had similar problems around the same time, I tend to think I wasn't mistaken, but it doesn't matter now.
Either use a distro whose APT repo contains version 0.5.0
or higher, or directly download the docker-credential-ecrl-login
binary from the links on the releases page as @adkafka did.
Since there are no changes needed in this repo, I suggest that this issue be closed.
Closing this issue as suggested. IMDSv2 is available on v0.5.0+.
OS: Ubuntu 20.04
I'm facing the issue ( can't use amazon-ecr-credential-helper ) with EC2 IMDSv2. I used the EC2 Instance profile and attached it to the EC2 instance.