Pushing to AWS Using circleci/aws-ecr@3.0.0 Orb

aws
#1

Keep getting Unable to locate credentials. You can configure credentials by running “AWS configure” although my CLI is configured and made sure all required keys, region, act information is in project env variables. Would very much appreciate an advice.

#2

Hello, On line 55 of your config you will want to add --profile MyProfileName

This is assuming I located the correct project for you. If you could share your config here others may be able to assist as well.

#3

Much Appreciated! Below is the config.yml that gives me the error I mentioned above. Also I was under the impression that the profile-name(this is a variable that the orb description includes) defaults to the default:

Javascript Node CircleCI 2.0 configuration file

Check https://circleci.com/docs/2.0/language-javascript/ for more details

version: 2.1
orbs:
aws-ecr: circleci/aws-ecr@3.0.0
jobs:
build:
working_directory: ~/repo
docker:
# specify the version you desire here
- image: circleci/node:8.11.1

  # Specify service dependencies here if necessary
  # CircleCI maintains a library of pre-built images
  # documented at https://circleci.com/docs/2.0/circleci-images/
  # - image: circleci/mongo:3.4.4

steps:
  - checkout

workflows:
build_and_push_image:
jobs:
- aws-ecr/build_and_push_image:
account-url: AWS_ECR_ACCOUNT_URL_ENV_VAR_NAME
aws-access-key-id: ACCESS_KEY_ID_ENV_VAR_NAME
aws-secret-access-key: SECRET_ACCESS_KEY_ENV_VAR_NAME
create-repo: true
dockerfile: myDockerfile
path: pathToMyDockerfile
profile-name: MyProfileName
region: AWS_REGION_ENV_VAR_NAME
repo: myECRRepository
tag: myECRRepoTag

#4

Sorry couldn’t attach the real file due to your limitations of file type

#5

Hi @pastrop - In this case, the profile isn’t an orb parameter that has a default value, but rather an available method for injecting the appropriate variables to be used as parameters to authenticate to AWS. Within the orb, the following parameters (left-side) will default to the following ENV variables (right-side), if set appropriately:

aws-access-key-id: ACCESS_KEY_ID_ENV_VAR_NAME
aws-secret-access-key: SECRET_ACCESS_KEY_ENV_VAR_NAME

These secrets can be injected by either storing them in a Context, available across projects, or as Environment Variables specific to your project.

Using either method, if you store the appropriate values to variables named ACCESS_KEY_ID_ENV_VAR_NAME and SECRET_ACCESS_KEY_ENV_VAR_NAME, these will be picked up by the orb and used as defaults in the aws-ecr/build_and_push_image job.

You can see how this is configured within the orb here, with those values being used as defaults and injected as parameters to the orb.

1 Like
#6

Hi @tomtrahan. Yes I did that! (sorry lousy cut and paste but you get an idea…)

ACCESS_KEY_ID_ENV_VAR_NAME xxxxJB2A
AWS_ECR_ACCOUNT_URL_ENV_VAR_NAME xxxxcom/
AWS_REGION_ENV_VAR_NAME xxxxst-1
SECRET_ACCESS_KEY_ENV_VAR_NAME xxxxwS1L
myECRRepository xxxxrepo

and it looks like they are getting picked by the script but than the login fails…I checked the my AWS CLI is configured correctly as well yet when I run the build I get this:

#!/bin/bash -eo pipefail

aws ecr get-login returns a login command w/ a temp token

LOGIN_COMMAND=$(aws ecr get-login --no-include-email --region $AWS_REGION_ENV_VAR_NAME) # save it to an env var & use that env var to login $LOGIN_COMMAND

Unable to locate credentials. You can configure credentials by running “aws configure”. Exited with code 255

#7

@pastrop Can you open an issue in the GitHub repo for the orb? Thank you!