2

I'm trying (and failing) to authenticate docker to AWS ECR. I've generated my AWS token via the AWS CLI aws ecr get-login command and have been provided with the following:

docker login -u AWS -p <token> --no-include-email https://***.dkr.ecr.eu-central-1.amazonaws.com.

However, when I execute this command, I get unknown flag : --no-include-email.

I've done much reading on the subject which all seem to say it's a version problem as --no-include-email flag was introduced to replace the deprecated -e none flag. I'm running the following versions: Docker version 18.03.0-ce, build 0520e24302, AWS CLI 1.16.88, Python 3.6.0, and Windows 7 x64.

I've even double checked my initial AWS CLI installation by installing AWS CLI via pip and checking for an upgraded version with pip install --user --upgrade awscli.

I initially had the error described docker login unknown shorthand flag: 'e'.

Everything is up-to-date.

It might be worth noting here that I am authenticating with AWS via a standard credentials file

[default]
aws_access_key_id = ***
aws_secret_access_key = ***

What am I missing?

JP Damstra
  • 545
  • 7
  • 25
  • Can you try the `--no-include-email` on the `aws ecr get-login`, not the `docker` command? – stdunbar Jan 14 '19 at 17:57
  • @stdunbar, `--no-include-email` has no affect on the `aws ecr get-login` command and returns the same `docker login -u AWS -p ...` command. – JP Damstra Jan 14 '19 at 18:21
  • Right - the `--no-include-email` is an `aws ecr` option, not a `docker` option. By default the `get-login` tries to include email but it usually can't find it. – stdunbar Jan 14 '19 at 18:28
  • @stdunbar, the `aws ecr get-login` command returns `docker login -u AWS -p -e none ...` Am I not to execute it entirely as returned? I've removed everything but the `docker login -u AWS -p ` part of the command and get some warning about `using --password is insecure, use --password-stdin instead`, then an error during connect `failed to get registry endpoint from daemon (error during connect: Get https://192.168.**.***. A connection attempt failed because the connected party did not properly respond after a period of time`. – JP Damstra Jan 14 '19 at 19:02

2 Answers2

4

The --no-include-email flag is an AWS CLI flag, not a docker flag. To use it, add it to your get-login call:

$ aws ecr get-login --no-include-email
docker login -u AWS -p ey...V9 https://123456789.dkr.ecr.us-east-1.amazonaws.com

Try comparing with and without the --no-include-email flag. You'll notice that using --no-include-email omits the -e none part of the output. You can copy/paste the given command to login to docker. To save you the copy/paste, login with one command:

eval "$(aws ecr get-login --no-include-email)"
Justin Howard
  • 5,504
  • 1
  • 21
  • 48
3

This worked for me with AWS CLI version 2:
docker login --username AWS -p $(aws ecr get-login-password) <aws-ecr-url>

Jordan Morris
  • 2,101
  • 2
  • 24
  • 41