Question 83061 in Docker Question posted in
The official documentation can be found here.

Using AWS's ECR get-login-password and –password-stdin with Powershell – Docker

The recommended way to authenticate docker with AWS ECR in order to push/pull images is using the following command:

aws ecr get-login-password --region us-east-1 | 
docker login --username AWS --password-stdin AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com

The problem is that it doesn’t work with powershell, resulting with the following error:

Error response from daemon: login attempt to https://AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/v2/ 
failed with status: 400 Bad Request

It works fine with CMD, but not Powershell. After searching around for solution, I found that the issue is that the first section of the script that gets the password, appends a new line to it, which causes the second part of the script to fail. I searched for a way to strip that new line from the first section with no success. This does not work:

echo $(aws ecr get-login-password --region us-east-1) |
 docker login --username AWS --password-stdin AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com

The only way I can get it working is by splitting the script into two commands, like this:

$password = aws ecr get-login-password --region us-east-1
docker login --username AWS --password $password AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com

The problem is that this approach results in the following warning:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.

Any ideas/workarounds? Thanks.

EDIT:
Link to github issue: https://github.com/aws/aws-tools-for-powershell/issues/270

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    After wasting hours on this, I've finally found a solution. As I mentioned earlier, this works fine in CMD, so I figured I'd try to run CMD from PowerShell. Turns out you can do it like this: cmd.exe c "your command"

    I then tried this, and it worked:

    cmd.exe c "aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com"

  2. 0

    Hit this problem from a Jenkins pipeline that uses powershell scripts to push images to AWS ECR. I agree it is related to the newline. Using .Trim() or -replace ‘r?nz’ all seemed to have no effect on what was passed after the pipe into –password-stdin.

    I still wanted the upload output to appear in the Jenkins logs so I have switched to using the following workaround for the moment.

    docker login --username AWS --password (Get-ECRLoginCommand).Password https://AWS_ACCOUNT_ID.dkr.ecr.eu-west-2.amazonaws.com

    It still gives the warning about using –password but keeps it in PowerShell.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search