[SOLVED] Pull docker image from AWS ECR using remote API

Issue

I have followed this post to try to download a Docker image from AWS ECR but I get the following errors:

If I do:

#!/bin/sh

repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"

ecr_token=$(aws ecr get-authorization-token --output text --query authorizationData[].authorizationToken | cut -d: -f2)

docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)

curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

Then I get the following error:

$ error parsing HTTP 403 response body: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one."

Even though I just "requested" the token.

And if I do this:

#!/bin/sh

repository="2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro"
tag="2.13.0-np-1.0"

ecr_token=$(aws ecr get-login | awk '{print ($6)}')

docker_login=$(echo "{\"username\":\"AWS\",\"password\":\"${ecr_token}\", \"auth\":\"\",\"email\":\"none\"}" | base64)

curl -X POST -d "" -H "X-Registry-Auth: ${docker_login}" http://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

I get the following error:

$ error parsing HTTP 404 response body: invalid character 'p' after top-level value: "404 page not found\n"

The image is on ECR and I can pull it if I do the docker login ... and then docker pull 2xxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/nexus-pro:2.13.0-np-1.0

I'm not sure what I'm doing wrong here.. Any help is very much appreciated!

Solution

Basic authentication is only supported over HTTPS. The docker client will not send basic auth headers when pushing/pulling on a registry over HTTP. This is done by design to prevent people sending their credentials over insecure channels. Using SSL should get rid of the issue.

Try using below:

https://${ip_address}:4243/images/create?fromImage=${repository}&tag=${tag_source}

Or enable a SSL certificate for the instance from where you are pulling the image. Tis might help you. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html

Answered By - error2007s

Answer Checked By - Terry (WPSolving Volunteer)