I get AWS ECR exit status 255 despite using AWS ubuntu containers

Moses Liao GZ · Oct 8, 2018 · Viewed 11.3k times

I am trying to build a Docker container in AWS CodeBuild as a means to deploy a container to ECR, but I get this error.

Error while executing command: $(aws ecr get-login --region ap-southeast-1). Reason: exit status 255

This command was run in the buildspec.yml file, using aws/codebuild/ubuntu-base:14.04 with the option "Enable this flag if you want to build Docker images or want your builds to get elevated privileges" turned on.

The log files are as follows:

[Container] 2018/10/11 00:52:49 Running command $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::502776083946:assumed-role/code-build-timesheet/AWSCodeBuild-f1d205b1-b03f-4727-a4d7-a02118021eec is not authorized to perform: ecr:GetAuthorizationToken on resource: *

[Container] 2018/10/11 00:52:52 Command did not exit successfully $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email) exit status 255
[Container] 2018/10/11 00:52:52 Phase complete: INSTALL Success: false
[Container] 2018/10/11 00:52:52 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email). Reason: exit status 255

Answer

Kentoy · Apr 9, 2019

This status code usually indicates an unauthorized user. To fix this, we need to let our CodeBuild role talk to ECR. To do this, go to IAM and attach the AmazonEC2ContainerRegistryPowerUser policy to your CodeBuild role.
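
The log line in the question already names the role and the denied action, so the fix can be derived from it. The following is an added example, not part of the original answer or any AWS code: it parses that line, builds the CLI command that attaches the managed policy named in the answer, and also builds a policy document granting only the denied action. The function names are hypothetical; the sample line is copied from the question.

```python
import json
import re

# Log line copied from the CodeBuild output in the question.
SAMPLE_LOG = (
    "An error occurred (AccessDeniedException) when calling the "
    "GetAuthorizationToken operation: User: "
    "arn:aws:sts::502776083946:assumed-role/code-build-timesheet/"
    "AWSCodeBuild-f1d205b1-b03f-4727-a4d7-a02118021eec is not authorized "
    "to perform: ecr:GetAuthorizationToken on resource: *"
)

# Matches an access-denied message raised for an assumed-role session.
DENIED = re.compile(
    r"\((?P<code>\w+)\) when calling the (?P<operation>\w+) operation: "
    r"User: arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"(?P<role>[\w+=,.@-]+)/(?P<session>\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<resource>\S+)"
)

def parse_access_denied(line):
    """Return the fields of the denied call, or None if the line does not match."""
    m = DENIED.search(line)
    return m.groupdict() if m else None

def least_privilege_policy(denial):
    """IAM policy document that allows only the action the log shows as denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": denial["action"],
                       "Resource": denial["resource"]}],
    }

def attach_command(denial, policy="AmazonEC2ContainerRegistryPowerUser"):
    """AWS CLI command attaching the AWS-managed policy from the answer to the role."""
    return (
        f"aws iam attach-role-policy --role-name {denial['role']} "
        f"--policy-arn arn:aws:iam::aws:policy/{policy}"
    )

if __name__ == "__main__":
    d = parse_access_denied(SAMPLE_LOG)
    print("role:", d["role"], "| denied:", d["action"])
    print(attach_command(d))
    print(json.dumps(least_privilege_policy(d), indent=2))
```

The single-action policy covers only the call that failed in this log; pushing an image needs further ECR actions, which the managed policy from the answer includes.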