0

I'm using an Azure DevOps pipeline for CI/CD. I'm trying to Dockerize and push my Docker image to AWS ECR. I already added a Docker Registry on Azure DevOps (and have access to all pipelines), I created and used an IAM user with AdministrativeAccess, and added the credentials to Azure DevOps. However, on my Docker push task I'm getting an "unauthorized: authentication required" error and my job fails. This is my push task:

          - task: Docker@2
            displayName: "PUSH IMAGE TO AWS"
            inputs:
              containerRegistry: AWS
              repository: $(DOCKER_REPOSITORY_NAME)
              command: push
            enabled: true
ilkin

1 Answer

4

An IAM user cannot be used to log in to AWS ECR directly. You will need to use the AWS.AccessKeyID and AWS.SecretAccessKey to get a Docker authentication token to log in to AWS ECR. See this document.

There are two workarounds to push a Docker image to AWS ECR.

1. If you use the Docker task in an Azure pipeline, as you did, you will need to add a script task to get the authentication token and log in to AWS ECR first. See below:

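    steps:
    # Exchange the IAM access key for a temporary ECR password and pipe it
    # to docker login on stdin (username is always the literal "AWS").
    - script: |
        aws ecr get-login-password --region $(AWS_REGION) | docker login --username AWS --password-stdin $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com
      displayName: 'Login to AWS'
      # Secret pipeline variables are not exposed to scripts automatically;
      # they have to be mapped into the environment explicitly.
      env:
        AWS_ACCESS_KEY_ID: $(AWS_ACCESS_KEY_ID)
        AWS_SECRET_ACCESS_KEY: $(AWS_SECRET_ACCESS_KEY)

    # Runs after the login step, so the Docker client is already authenticated.
    - task: Docker@2
      displayName: Build docker image
      inputs:
        repository: $(DOCKER_REPOSITORY)
        command: buildAndPush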

Please check the detailed steps in this blog.

2. The more convenient workaround is to use the AWS Toolkit for Azure DevOps (Amazon ECR Push task). This task will get the authentication token and log in the Docker client automatically. So after you build your image, you can use this task to push it to Amazon ECR.

To use the Amazon ECR Push task, you need to create a Service Connection (of type AWS).

See this thread for more information.

Levi Lu-MSFT
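
A stricter form of the login step from the first workaround, added here as an example (it is not code from the answer, AWS, or Microsoft). It assumes AWS_ACCOUNT_ID and AWS_REGION are mapped into the script step's `env:` block next to the two keys; the function names `ecr_registry_host` and `ecr_login` are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumes AWS_ACCOUNT_ID and AWS_REGION reach the script as
# environment variables (mapped under env:), like the two access-key values.

# Print the private registry host, or fail if either value is malformed.
# An undefined Azure DevOps variable arrives as the literal text
# "$(AWS_REGION)", which the region check below rejects.
ecr_registry_host() {
    account_id=$1
    region=$2
    case $account_id in
        ''|*[!0-9]*) echo "AWS_ACCOUNT_ID must be 12 digits" >&2; return 1 ;;
    esac
    if [ "${#account_id}" -ne 12 ]; then
        echo "AWS_ACCOUNT_ID must be 12 digits" >&2
        return 1
    fi
    case $region in
        ''|*[!a-z0-9-]*) echo "AWS_REGION is unset or malformed" >&2; return 1 ;;
    esac
    printf '%s.dkr.ecr.%s.amazonaws.com\n' "$account_id" "$region"
}

# Exchange the IAM credentials in the environment for a registry password
# and hand it to docker on stdin, not as a command-line argument.
ecr_login() {
    host=$(ecr_registry_host "$1" "$2") || return 1
    # Separate step instead of a pipe: a failed token request stops here
    # rather than surfacing later as a confusing docker login error.
    token=$(aws ecr get-login-password --region "$2") || {
        echo "could not get ECR token; check the IAM credentials" >&2
        return 1
    }
    [ -n "$token" ] || { echo "empty ECR token" >&2; return 1; }
    printf '%s' "$token" | docker login --username AWS --password-stdin "$host"
}

# Run only when asked to, e.g.: sh ecr-login.sh login
if [ "${1:-}" = "login" ]; then
    ecr_login "${AWS_ACCOUNT_ID:-}" "${AWS_REGION:-}"
fi
```

Because the values are read from the environment and validated, a missing pipeline variable fails the step with a clear message before any credentials are used.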