Get-login deprecated

FYI, peeps. The example given on page 42:

$(aws ecr get-login --no-include-email)

is deprecated (actually, disabled) as of Docker 17.xx. I ended up using this to login:

docker login -u AWS -p $(aws ecr get-login-password --profile default) repo_name

Hi @faberfedor
you run the commands outside of the temporary working environment we provide, right?

I can also find the following example in the docs:

aws ecr get-login-password \
| docker login \
    --username AWS \
    --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com

Not sure if there are advantages over one of the two solutions?

btw: can you post the error message? I don’t see any difference in your command and the command that is executed when running aws ecr get-login --no-include-email

Sure thing:

[faber@Fabers-MacBook-Air dashboard-apis (rapid_docker)] 2020-11-11 11:43:40$ aws ecr get-login --no-include-email
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

batch-check-layer-availability           | batch-delete-image
batch-get-image                          | complete-layer-upload
create-repository                        | delete-lifecycle-policy
delete-repository                        | delete-repository-policy
describe-image-scan-findings             | describe-images
describe-repositories                    | get-authorization-token
get-download-url-for-layer               | get-lifecycle-policy
get-lifecycle-policy-preview             | get-repository-policy
initiate-layer-upload                    | list-images
list-tags-for-resource                   | put-image
put-image-scanning-configuration         | put-image-tag-mutability
put-lifecycle-policy                     | set-repository-policy
start-image-scan                         | start-lifecycle-policy-preview
tag-resource                             | untag-resource
upload-layer-part                        | get-login-password
wait                                     | help

Googling led me to this page: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html

Yes, I am running it locally in my Mac environment.

The docs mention that using get-login-password will make your password visible to other users on your machine and the get-authorization-token should be used instead. I’ll be looking into that later today.

From the get-authorization-token docs:

The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The AWS CLI offers an get-login-password command that simplifies the login process

Bottom line is:

  1. The deprecation is not related to Docker, it is related to the AWS CLI
  2. We should switch from $(aws ecr get-login --no-include-email) to aws ecr get-login-password | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

We updated the ebook and code examples to use the new aws ecr get-login-password | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com approach!