aws ecr get-login broken in latest rc build

[sixcorners]

$ `aws ecr get-login`
unknown shorthand flag: 'e' in -e
See 'docker login --help'.

$ docker --version
Docker version 17.06.0-ce-rc4, build 29fcd5d

[JordonPhillips]

You will need to supply the --no-include-email flag

[rpnguyen]

Also, please see this forum post for more context about this https://forums.aws.amazon.com/ann.jspa?annID=4656

[ottumm]

Why is this marked as "closing-soon-if-no-response"? The aws commandline tool is generating an incorrect docker login command, so this seems like a bug with aws, not a question.

[ottumm]

You will need to supply the --no-email flag

The flag is --no-include-email, not --no-email.

[JordonPhillips]

@ottumm We can't change our current behavior or we'll break customers locked to older versions of docker. The compromise is to have the flag which will allow customers who upgrade to unblock themselves.

[Clecompt]

Rather than adding a flag why not detect the docker version. It seems that the AWS client has enough information to decide whether or not to include the -e in the login command rather than generating an invalid command.

[ottumm]

Absolutely agree with @Clecompt. There are environments (e.g. Travis) where the Docker version is not under the user's control. Detecting the Docker version and emitting the appropriate command seems like the right thing to do here.

[stealthycoin]

Because detecting the docker version and testing that on every possible system configuration people are using in the CLI in is not feasible and very brittle even if we could get it to work. Even if we could get this to work that makes the assumption that the login command is being run on the same machine in the environment where we detected the docker version. People have very complicated build systems spread out over multiple machines/images/environments so that is not an acceptable assumption to make.

You can control the docker version in travis by the way using the before_install key.

[jt-helsinki]

@stealthycoin Has this issue been fixed?

Agreed that detecting the docker version is no good.

The email option has been removed from Docker so having some sort of --no-include-email flag is required.

[vanaparth]

@JordonPhillips I am adding --no-include-email it gives me Unknown Options. According aws docs, Updated to latest version still I get the same Unknown Options.

[igarcez]

@vanaparth had the same issue, updating aws cli tools with sudo pip install --upgrade awscli fixed the problem

[vanaparth]

I tried the command which you mentioned still getting the same problem. Is there any other way we can clear this issue. @igarcez

[vanaparth]

@igarcez Here is the other way to login. I have a workaround
sudo docker login -u AWS -p $(aws ecr get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2) ${ECR_URL}.

[sfertman]

Still broken. Installed the latest version of AWS CLI.
Running this command:

aws ecr get-login --region <my-region> --no-include-email

returns

Unknown options: --no-include-email

[zeg-io]

Still an issue!

aws ecr get-login --region us-west-2 --no-include-email

yields:

Unknown options: --no-include-email

$ aws --version

aws-cli/1.11.13 Python/3.5.2 Linux/4.4.0-1022-aws botocore/1.4.70

[bbakersmith]

@sfertman @zeg-io you're not using the latest. i'm on 1.11.120 and the following works for me

aws ecr get-login --region us-east-2 --no-include-email

looks like it was added in 1.11.91: 4b3e8d0

[mmas]

@zeg-io you are actually using version 1.11.130 (aws-cli/1.11.13), I just downgraded to 1.11.120 and it works ok

[bbakersmith]

@mmas why do you say he's using version 1.11.130 when it says aws-cli/1.11.13? I'm running 1.11.120 and it doesn't get truncated when I run --version, it shows aws-cli/1.11.120.

[mmas]

@bbakersmith I had version 1.11.130 (checked with pip) and it was showing truncated for me with awscli --version

[bbakersmith]

@mmas odd. it doesn't for me. I just upgraded and get aws-cli/1.11.130 as expected.

[bbakersmith]

And the --no-include-email flag does work in 1.11.130 for me.

[chris-ryu]

aws-cli/1.11.42 Python/2.7.10 Darwin/16.7.0 botocore/1.5.5
I've got still "Unknown options: --no-include-email"

[bbakersmith]

@ChrisRyuGS You need to upgrade. As I said a few comments up, it was added in 1.11.91
#2676 (comment)

[chris-ryu]

@bbakersmith Thank you.
It was python version problem.

[tsengsy]

Hopefully this helps someone, as my aws --version was not changing (Ubuntu 16.04).

Managed to resolve by using pip3 instead:

pip3 install --upgrade awscli

This may require you to install

apt-get install python3-pip

Before pip3
aws-cli/1.11.13 Python/3.5.2 Linux/4.4.0-1038-aws botocore/1.4.70

After pip3
aws-cli/1.14.2 Python/3.5.2 Linux/4.4.0-1041-aws botocore/1.8.6

[altitude]

For people coming from Google stuck here on old environments, there's an easy solution :

eval $(aws ecr get-login --region eu-west-1 | sed 's/ \-e none//')

[mosesliao]

Mine is strange, I got this error

and guess what? I use amazon image

This is my buildspec.yml

version: 0.2

phases:
  install:
    commands:
      - $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t timesheet-cakephp:latest .
      - docker tag timesheet-cakephp:latest 502776083946.dkr.ecr.ap-southeast-1.amazonaws.com/timesheet-cakephp
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push 502776083946.dkr.ecr.ap-southeast-1.amazonaws.com/timesheet-cakephp

[branflake2267]

The workaround for aws docker login error I use.

• Run aws ecr get-login
• Run the output of get-login. (Remove the flag -e none in the comand). Look for successful login output.
• Run cat ~/.docker/config.json to verify.

[ricardojohnny]

This status code usually indicates an unauthorized user. To fix this, we need to let our Code Build role be able to talk to ECR. To do this: Go to IAM and then attach a AmazonEC2ContainerRegistryPowerUser policy to your CodeBuild role.