Reputation: 59
Can't push Dockerimages to ECR
I get an error on push my local Dockerimage to my private ECR: My IAM-User has AmazonEC2ContainerRegistryFullAccess rights and my EC2 too.
$ aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin xx.dkr.ecr.eu-central-1.amazonaws.com
...
Login Succeeded
$ aws ecr describe-repositories
{
"repositories": [
{
"repositoryUri": "xx.dkr.ecr.eu-central-1.amazonaws.com/my_repo",
"imageScanningConfiguration": {
"scanOnPush": false
},
"encryptionConfiguration": {
"encryptionType": "AES256"
},
"registryId": "xx",
"imageTagMutability": "MUTABLE",
"repositoryArn": "arn:aws:ecr:eu-central-1:xx:repository/my_repo",
"repositoryName": "my_repo",
"createdAt": 1650817284.0
}
]
}
$ docker pull hello-world
$ docker tag hello-world:latest xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world latest feb5d9fea6a5 7 months ago 13.3kB
hello-world latest feb5d9fea6a5 7 months ago 13.3kB
and now i get the error on push my image:
$ docker push xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
The push refers to repository [xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world]
e07ee1baac5f: Retrying in 1 second
EOF
Any suggestions? The profile-trick from https://stackoverflow.com/a/70453287/10243980 works NOT.
Many thanks
Upvotes: 1
Views: 5412
Answers (3)
Reputation: 14438
I've just struggled with this one so will provide all of my steps. Note the most important step is #4 below - initial creation of the repository.
# 1. build your image
# docker build -t [ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG] .
docker build -t your-docker-image:latest .
# 2. tag your image with ECR repository details
# docker tag [ECR_REPOSITORY_NAME]:latest AWS_ACCOUNT_ID.dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker tag your-docker-image:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest
# 3. authenticate with ECR
# aws ecr get-login-password --region [AWS_REGION] | docker login --username AWS --password-stdin [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
# 4.
# aws ecr create-repository --repository-name [ECR_REPOSITORY_NAME]
aws ecr create-repository --repository-name your-docker-image
# 5.
# docker push [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest
Note: Step 4 above is the important step which I'd misunderstood/missed. It results in a very unclear error from docker etc Retrying in 11 seconds
Upvotes: 0
Reputation: 21
You need to create a repository with the name hello-world. It is explained at the begining of Pushing a Docker image ecr docs.
Upvotes: 2
Reputation: 909
One of my working example is the following
aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.eu-central-1.amazonaws.com
docker build -t dolibarr .
docker tag dolibarr:latest 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest
docker push 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest
Compared to your commands, it looks very similar. So now, please check, if your user is able to push to the repository itself (ecr:PutImage). Probably this is the main issue.
A good solution to find more help is the following Pushing an image to ECR, getting "Retrying in ... seconds"
My policy for my Docker image role, I am using, is the following (terraform style):
{
Action = [
"ecr:BatchCheckLayerAvailability",
"ecr:CompleteLayerUpload",
"ecr:GetAuthorizationToken",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart",
]
Effect = "Allow"
Resource = "*"
}
Try to adjust your policy and remove the "Principal" entry. This is not necessary.
Another possible reason could has nothing to do with the policy: Do you use some local proxy? I experienced some issues with using Proxy Servers for all public endpoints, like ECR, S3, etc. I disabled to use for those domains and it worked (depends on using VPN, or something similar).
Upvotes: 1
Related Questions
- Can't push image to Amazon ECR - fails with "no basic auth credentials"
- ECS "InternalError: failed to normalize image reference"
- Pushing an image to ECR, getting "Retrying in ... seconds"
- Push image to ECR works for private repositories only
- Using AWS ECR with portainer push/pull images not working
- ECS agent can not successfully pull image from ECR when host can
- can't push image to ECR even though login in docker and was successfully
- Tag problem while pushing docker Image to AWS ECR
- Uploading Docker Images to AWS ECR
- Unable to push docker image to amazon ECR