[英]AWS ECR GetAuthorizationToken Issue
I have Jenkins setup for deploying my docker images to a Amazon ECR repository.我有 Jenkins 设置,用于将我的 docker 映像部署到 Amazon ECR 存储库。
I have enabled 2FA in my AWS account for the IAM user.我在我的 AWS 账户中为 IAM 用户启用了 2FA。 I have attached all admin polices to my IAM User.
我已将所有管理策略附加到我的 IAM 用户。 I am following the below command to push my docker image source to Amazon ECR repository.
我正在按照以下命令将我的 docker 镜像源推送到 Amazon ECR 存储库。
aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
Ref Link : https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/参考链接: https : //aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/
Jenkins Code:詹金斯代码:
export aws configure
export AWS_ACCESS_KEY_ID=AKIAJ6CAU****
export AWS_SECRET_ACCESS_KEY=TRXaGmEHN5******
export AWS_DEFAULT_REGION=eu-west-2
$(aws ecr get-login --no-include-email --region eu-west-2)
docker tag add-product:latest 06423123213.dkr.ecr.eu-west-2.amazonaws.com/add-product:$BUILD_NUMBER
docker push 06423123213.dkr.ecr.eu-west-2.amazonaws.com/add-product:$BUILD_NUMBER
I have facing the issue when I deploy to Amazon ECR.我在部署到 Amazon ECR 时遇到了这个问题。
"An error occurred (AccessDenied) when calling the GetSessionToken operation: Cannot call GetSessionToken with session credentials" “调用 GetSessionToken 操作时发生错误 (AccessDenied):无法使用会话凭据调用 GetSessionToken”
"An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, unable to validate MFA code" “调用 GetSessionToken 操作时发生错误 (AccessDenied):MultiFactorAuthentication 失败,无法验证 MFA 代码”
Ref Link : AWS ECR GetAuthorizationToken参考链接: AWS ECR GetAuthorizationToken
anyway ECR token has a short expiry cycle, you can try to use ecr credential helper instead.无论如何 ECR 令牌的到期周期很短,您可以尝试使用 ecr 凭证助手代替。 and point your docker to leverage on the helper
并指向您的 docker 以利用助手
{
"credHelpers": {
"aws_account_id.dkr.ecr.region.amazonaws.com": "ecr-login"
}
} }
refer: https://lwpro2.wordpress.com/2019/10/30/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/参考: https : //lwpro2.wordpress.com/2019/10/30/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/
See if the aws-generated AWS_SECRET_ACCESS_KEY has "/".查看 aws 生成的 AWS_SECRET_ACCESS_KEY 是否有“/”。 If you have the "/" generate a new AWS_SECRET_ACCESS_KEY without and add that it will work \\o/
如果你有“/”生成一个新的 AWS_SECRET_ACCESS_KEY 没有并添加它会工作 \\o/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.