Using vanilla docker to build and PUSH to AWS ECR failing



Most of the tutorials talk about PULLING a private registry, I don’t want to do that, I want to use a public docker image to build and then PUSH to AWS ECR.

I have tried setting the AWS integration, I have tried adding the AWS_XYZ environment variables in the settings and I have tried hard coding the environment variables using the environment tag. Whatever I do I end up with the same error when I push:

#!/bin/sh -eo pipefail
login = "$(aws ecr get-login)"
docker tag xxxxx:latest
docker push


Login timed out after 60 seconds

The push refers to a repository []


no basic auth credentials
Exited with code 1

The entire config.yml:

version: 2
      - image: docker:17.05.0-ce-git
          AWS_ACCESS_KEY_ID: xxx
          AWS_SECRET_ACCESS_KEY: xxx
          AWS_DEFAULT_REGION: xxx
      - checkout
      - setup_remote_docker
      - run:
          name: Install dependencies
          command: |
            apk add --no-cache \
            pip install \
              docker-compose==1.12.0 \
      - run:
          name: Build docker image
          command: |
            docker build -t xxx .
      - deploy:
          name: Push to AWS
          command: |
            login = "$(aws ecr get-login)"
            docker tag xxx
            docker push xxx

I know it is something stupid I am doing, but I can’t see it…

Help :slight_smile:

Using 'docker login' with 'setup_remote_docker' to push to a private repository?

I do something similar with CodeFresh, I wonder if it is how you are storing your env vars? Mine are in the app rather than the config.yml.

I log in like so:

docker login -u username -p ${CODEFRESH_REGISTRY_TOKEN}

And then I set the CODEFRESH_REGISTRY_TOKEN env var here:

Settings (account) > (project) > Environment Variables

If that does not help, can aws print more verbose errors, using a console switch? Maybe try setting a new dummy var and echo it at the point of need, in case there is a reason they are not in force where you need them?


I usually use $(aws ecr get-login --region=$AWS_REGION --no-include-email)


Thanks both. I have given up with aws and using a third party registry which doesn’t require their own tooling. I can still only get it to work by inlining the -u and -p though.


This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.