Docker push to AWS ECR fails on Windows: no basic auth credentials
One of my searches led me to this answer, which while irrelevant to my case, brought to my attention the place where authentication credentials are stored: the docker config.json file. Take a look here to read more about it and its auth usage.
However, my own file had these contents after logging in with any of the methods above:
{
"auths": {
"https://123456789.dkr.ecr.us-east-1.amazonaws.com": {}
},
"credsStore": "wincred"
}
The explicit mention of Windows (wincred) caught my attention. Reading more into this, it appears docker on Windows uses a helper credential store which is probably better than storing credentials as plain text on the file system (it's normally stored as base64 which is greek for "plain text").
However - the solution came when I manually edited this file to contain the authentication token directly.
I generated my authentication token with this command (output shortened for brevity):
$ aws --profile myprofile ecr get-authorization-token --region us-east-1 --output text --query authorizationData[].authorizationToken
jFHNnVxZ............Vqc==
After editing ~/.docker/config.json, it looked something like this:
{
"auths": {
"https://123456789.dkr.ecr.us-east-1.amazonaws.com": {
"auth": "jFHNnVxZ............Vqc=="
}
}
}
And with this in place, the push is finally successful:
$ docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/myrepo:latest
The push refers to a repository [123456789.dkr.ecr.us-east-1.amazonaws.com/myrepo]
61a69688f56d: Pushed
11ad4908e16e: Pushed
myrepo: digest: sha256:20c0f3......82aa19 size: 42162
And all is well once more.
Extending your own brilliant answer which got me out of jail. I found that if you remove:
,
"credsStore": "wincred"
Save the file, run the docker login command again it will put the credentials directly in config.json which I found to work.
Leaving something a little like
{
"auths": {
"https://407163548648.dkr.ecr.eu-west-1.amazonaws.com": {
"auth": "QV...Nbz0=",
"email": "AWS"
}
}
}