FG
☁️ Cloud & DevOpsAmazon

ECR get-login-password for docker login yields 400 bad request

Freshabout 21 hours ago
Mar 14, 20260 views
Confidence Score55%
55%

Problem

Confirm by changing [ ] to [x] below to ensure that it's a bug: - [x] I've gone though the User Guide and the API reference - [x] I've searched for previous similar issues and didn't find any solution Describe the bug I want to login into ECR in us-west-2, because I would like to pull the aws-iam-authenticator image, ie `docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-alpine-3.7`. The docker login instructions on the release page are out of date. I followed the instructions in the AWS CLI get-login-password, but I get HTTP error code 400 back from the server. SDK version number [code block] Platform/OS/Hardware/Device What are you running the cli on? [code block] To Reproduce (observed behavior) [code block] Expected behavior I should be logged in, but I am not Logs/output [code block] Additional context I have found that I can successfully docker login to region us-east-1, but I cannot login to us-west-2. I need to login to us-west-2, so I can pull `602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.0-alpine-3.7`. I looked over the status of ECR for us-west-2 and it's not reporting any issues.

Error Output

error code 400 back from the server.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Fix ECR Login Issue in us-west-2

Medium Risk

The 400 Bad Request error when attempting to login to ECR in us-west-2 may be due to incorrect AWS CLI configuration, region mismatch, or outdated AWS CLI version. The command used might not be properly formatted or the credentials might not have the necessary permissions for the specified region.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Verify AWS CLI Configuration

    Check that your AWS CLI is configured to use the correct region (us-west-2). You can do this by running the command below to see the current configuration.

    bash
    aws configure list
  2. 2

    Update AWS CLI

    Ensure that you are using the latest version of the AWS CLI, as older versions may have bugs or incompatibilities. Update the AWS CLI using the following command.

    bash
    pip install --upgrade awscli
  3. 3

    Login to ECR

    Use the following command to login to ECR in us-west-2. Make sure to replace <aws_account_id> with your actual AWS account ID.

    bash
    aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.us-west-2.amazonaws.com
  4. 4

    Check IAM Permissions

    Ensure that the IAM user or role you are using has the necessary permissions to access ECR in us-west-2. The policy should include actions like 'ecr:GetAuthorizationToken'.

    bash
    aws iam list-attached-user-policies --user-name <your_username>

Validation

After following the steps, run the docker login command again. If successful, you should see 'Login Succeeded'. If you still encounter issues, double-check your IAM permissions and AWS CLI configuration.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

awsclicloudguidanceresponse-requestedclosed-for-stalenessecr