aws ecr saying "Cannot perform an interactive login from a non TTY device" after copied cmd from "Amazon Container Services"

Question

I am trying to set up docker image of amazon ECR on ubuntu18.04 machine of AWS,using commands provided by view push commands of Amazon Container Services

,please note i have already set up docker on my ubuntu18.04 and also output of docker -v is as below

ubuntu@ip-172-31-0-143:~$ docker -v
Docker version 19.03.7, build 7141c199a2

When i execute the command provided by amazon container services on aws cli on ubuntu18.04 i get error as Error: Cannot perform an interactive login from a non TTY device

The command which i am using is

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 8233251134332.dkr.ecr.us-east-2.amazonaws.com/gatling-lots

please note i have successfully configured awscli and i can see the detailed from aws s3 ls

Here is detailed error log

ubuntu@ip-172-31-0-143:~$ aws ecr get-login-password --region us-   
east-2 | docker login --username AWS --password-stdin 
823443336.dkr.ecr.us-west-2.amazonaws.com/gatling-lots
usage: aws [options] <command> <subcommand> [<subcommand> ...]      
[parameters]
 To see help text, you can run:

aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

 batch-check-layer-availability           | batch-delete-image                      
 batch-get-image                          | complete-layer-upload                   
create-repository                        | delete-lifecycle-policy                 
delete-repository                        | delete-repository-policy                
 describe-images                          | describe-repositories                   
 get-authorization-token                  | get-download-url-for-layer              
 get-lifecycle-policy                     | get-lifecycle-policy-preview            
 get-repository-policy                    | initiate-layer-upload                   
 list-images                              | put-image                               
 put-lifecycle-policy                     | set-repository-policy                   
 start-lifecycle-policy-preview           | upload-layer-part                       
 get-login                                | help                                    
 Error: Cannot perform an interactive login from a non TTY device

output of

ubuntu@ip-172-31-0-143:~$ (aws ecr get-login --no-include-email  --region us-east-2)

docker login -u AWS -p 

MzQxL2c0Yks4RjVxeDg9IiwidmVyc2lvbiI6IjIiLCJ0eXBlIjoiREFUQV9LRVkiLCJleHBpcmF0aW9uIjoxNTgzNjgzNDY5fQ== https://825251119036.dkr.ecr.us- east-2.amazonaws.com

Answer 1

The problem is not aws but docker. The solution is on docker to use the -p parameter, and wrap the aws login call to the -p parameter as such:

docker login -u AWS -p $(aws ecr get-login-password --region the-region-you-are-in) xxxxxxxxx.dkr.ecr.the-region-you-are-in.amazonaws.com

And this requires AWS CLI version 2.

Answer 2

docker login prints this error message when you use --password-stdin, but don't actually send a password to the command's stdin.

For example:

$ echo "" | docker login --password-stdin --username jorendorff
Error: Cannot perform an interactive login from a non TTY device

Therefore, almost any kind of problem with the command before the | pipe symbol will result in this unhelpful error message.

Answer 3

it took me forever to figure out that the issue was that I forgot to run aws configure and enter the right details. That solved my issue.

Answer 4

You need to install AWS CLI version 2. Follow the instructions in this Installing or updating the latest version of the AWS CLI

Answer 5

This command does the trick in bash and linux at 2020/10/06:

linux@host:~$ $(aws ecr get-login --no-include-email)

That's because

$ aws ecr get-login --no-include-email

Gives the following output:

docker login -u AWS -p xxxxxxxxxxxxx== https://xxx.dkr.ecr.eu-west-1.amazonaws.com

Answer 6

Devin's answer is correct.

But there is one more way. The updated version of docker requires this parameter --password-stdin.

aws ecr get-login-password --region <YOUR_REGION> | docker login --username AWS --password-stdin  <ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com

Answer 7

I know this question is answered already, but, this was my experience.

This didn't work for me initially.

aws ecr get-login-password --region <your-region>| docker login --username AWS --password-stdin <your-container>

I had the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY saved under variables in GitLab.

But the solution was to uncheck the Protected flag from the variables saved on GitLab. I don't know how secure this approach is, but, it did work for me.

I hope this would help someone one day.

Answer 8

Below steps are resolve that issue.

$curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

$aws --version

aws-cli/2.0.30 Python/3.7.3 Linux/4.14.181-142.260.amzn2.x86_64 botocore/2.0.0dev34

$aws ecr get-login-password --region your_region | docker login --username AWS --password-stdin Account_ID.dkr.ecr.your_region.amazonaws.com

Replace your Account ID and Region.

Answer 9

I had the same problem with Atlassian Bamboo, and logging into AWS ECR from an SSH task in a build plan.

I could not run aws configure because of insufficient permissions.

So I solved this by setting the AWS credential variables and then the docker login as proposed by one of the other answers:

export AWS_ACCESS_KEY_ID=<value>
export AWS_SECRET_ACCESS_KEY=<value>
docker login -u AWS -p $(aws ecr get-login-password --region <region>) <accountid>.dkr.ecr.<region>.amazonaws.com

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY can be created in your AWS profile, Security Credentials section.

Hope this helps someone, and a future me when I forget and come back to find help.

Answer 10

You have to give the command the profile that your sso is saved under.

Example, run

aws configure list-profiles
cat ~/.aws/credentials

Then use that profile when you make calls:

aws ecr get-login-password --region us-east-1 --profile saml

Answer 11

Also remember you cannot log into partitioned regions (cn-* or gov) while using a non-partitioned AWS profile. Add --profile foo to specify a profile with your designated region.

Answer 12

You need to authorize your EC2 machine to access AWS services either by

• running aws configure and providing the right details OR
• Give your EC2 machine a role to enable it access ECR

Also if you run your docker commands with sudo, then add sudo before the docker command as shown below

aws ecr get-login-password --region us-west-2 | sudo docker login --username AWS --password-stdin 8233251134332.dkr.ecr.us-east-2.amazonaws.com/gatling-lots

Cheers.

Answer 13

Hope this helps someone.

I tried everything until I removed hyphens from my aws account id. If your right click on your username, aws shows your account id like this:

6897-6070-0765

If you put that into the command, it won't work. It works without the dashes:

sudo aws ecr get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin 689760700765.dkr.ecr.us-east-1.amazonaws.com

Answer 14

Just try to add "sudo" before docker:

aws ecr get-login-password --region us-west-2 | sudo docker login
   --username AWS --password-stdin 8233251134332.dkr.ecr.us-east-2.amazonaws.com/gatling-lots

Answer 15

I am facing the same issue on Ubuntu 22.04 I have followed the below commands and it works for me.

1). Retrieve an authentication token and authenticate your Docker client to your registry.

aws ecr-public get-login-password --region <your_region> | docker login --username AWS --password-stdin <your_repo_URI>

2). sudo chmod 666 /var/run/docker.sock

3). aws ecr-public get-login-password --region <your_region> | docker login --username AWS --password-stdin <your_repo_URI>

Answer 16

In my case, I forgot to add ECR related policy in my AWS IAM. To add a policy follow these steps.

Answer 17

The issue I found is AWS CLI v1 vs AWS CLI v2. I resolved this by uninstalling v1 and installing AWS CLI v2.

Answer 18

No worries in this case. Just type 'aws configure' in your terminal and paste the security credentials such as 'aws_access_key_id' and 'aws_secret_access_key'and then type the region of the repository and the output format as 'json'.

It worked for me.

Answer 19

I got this error on Ubuntu 18.04 after my AWS CLI was automatically updated.

I solved it by reverting it back to the previous version using this command:

sudo apt-get install awscli=1.14.44-1ubuntu1 -V

Answer 20

I faced this error after re-starting Docker.

It was solved when I did docker login initially.

Then aws ecr get-login-password --region <your_region> | docker login --username AWS --password-stdin <your_uri>/<your_image> command worked again.

Answer 21

All of the above did not work for me on a windows OS. However, windows (10) was suggesting updates. I applied the Update & Restart and when I executed the login command

aws ecr get-login-password --region **your_region_code** | sudo docker login --username AWS --password-stdin **numeric-account-id**.dkr.ecr.**your-region-code**.amazonaws.com* 

Everything worked again normally.

Answer 22

This issue is common having used aws configure to input you temporary aws credentials and having used either aws configure set aws_session_token <session_token> or directly pasting the token in the ~/.aws/credentials file.

It may initially arise after a docker image build and docker fails to push the image with a Error saving credentials: error storing credentials - err: error.

On trying to update the docker credentials which are typically stored in ~/.docker/config.json, using aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <accountID>.dkr.ecr.eu-west-1.amazonaws.com you will be faced with a An error occurred (ExpiredTokenException) when calling the GetAuthorizationToken operation: The security token included in the request is expired Error: Cannot perform an interactive login from a non TTY device error.

Having uderstood the base scenario, here are the step I recommend to solve it:

1. In the amazon web portal, on the page with Management cosole | Command line or programmatic access, refresh the page and click on Command line or programmatic access.
2. In your CLI:

• rm -rf ~/.aws

• rm -rf ~/.docker/config.json

• aws configure - at this point, paste in the Access Key ID, Secret Access Key, your region and output as json(These details should be acquired from the refreshed console access credentials page).

• aws configure set aws_session_token "<token-goes-here>" - IMPORTANT: The new session token must be pasted here.

3. You can go on to now run: aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com

And you're done, all should be good now.

Answer 23

for me, it was related to log in again with saml2aws

saml2aws login --force

aws --profile YOUR_AWS_PROFILE sts get-caller-identity

then try to login again AWS with Docker

aws --profile YOUR_AWS_PROFILE ecr get-login-password | docker login --username AWS --password-stdin xxxxxxxxxx.dkr.ecr.eu-west-1.amazonaws.com

Answer 24

Update, 2023-07-18

Platform: Arch Linux amd64 (6.4.3-arch1-2)

I had to downgrade from 2.13.1 to 2.12.1 to get rid of this error (same as OP).

Answer 25

For AWS Cloudshell users having this issue, problem is with docker access. Default user will not have access to docker since it was installed as sudo. And default user only have access to aws resources. If you run the command as sudo you will get the access related issue like setup aws account with aws configure. So the solution is to make the cloud shell user get docker access. Following commands could be useful for this.

# Add docker group, mostly it will be there, so it will be ignored
sudo groupadd docker
# Add cloudshell-user to the group
sudo gpasswd -a $USER docker
# Update changes
newgrp docker

Now try running the docker login to ecr

Answer 26

This answer is for similar error getting for github actions. Please try this and let me know if this works

- name: Docker login
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}```

Answer 27

Ensure you are using the latest version of AWS CLI. Follow these instructions to install/upgrade AWS CLI.