skip to Main Content

Have the following to build a docker image in a CDK run

    const uploadImageAsset = new DockerImageAsset(this, 'UploaderImage', {
      directory: '../docker',
      platform: Platform.LINUX_AMD64,
      file: 'Dockerfile',
    });

The issue is my FROM in the Dockerfile is in a different account. The other account ECR permissions gives permissions for the account to pull. I just can’t run the proper auth to get it to build

FROM 11112222233334444.dkr.ecr.us-west-2.amazonaws.com/app:base-2021

Error i’m getting is

#3 [internal] load metadata for 11112222233334444.dkr.ecr.us-west-2.amazonaws.com/app:base-2021



#3 ERROR: pulling from host 11112222233334444.dkr.ecr.us-west-2.amazonaws.com failed with status code [manifests base-2021]: 401 Unauthorized

2

Answers


  1. issue may lie with IAM permissions – can u share what actions u have currently ?

    1. Check on IAM permissions: Does the policy grants ecr:GetAuthorizationToken and ecr:BatchGetImage actions for the specific repository.

    2. Cross-account access : creating a cross-account resource policy may help if u dont have it already . https://aws.amazon.com/blogs/compute/introducing-cross-account-amazon-ecr-access-for-aws-lambda/

    Login or Signup to reply.
  2. You haven’t exactly left a lot of information. But like Sachin Gupta already mentioned, check the IAM Permissions, the Policy related to the user you use must grant the actions for the specific repository.

    As I interpret it, you already granted the resource policy.

    Let us know what the problem was.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search