Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34958

Getting "Your Authorization Token has expired" when using ECR credentials

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • amazon-ecr-plugin
    • None
    • Jenkins 2.4
      Docker Build and Publish plugin 1.2.2 (+ PR #41)

      In an attempt to start moving away from our self-hosted Docker Registry. I came across this plugin to make it easier to push to Amazon ECR. And after a (fairly) quick fix of the Docker Build and Publish plugin. Time had come to make that happen.

      But instead I am getting the this error when it attempt to push. So something is wrong.

      The push refers to a repository [somerepo.dkr.ecr.eu-west-1.amazonaws.com/imagename]
1b29323a75d2: Preparing
5bf87793f977: Preparing
5ccb950f635d: Preparing
965c3fc60463: Preparing
f354df03c5c3: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
9523ecdf69b1: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
6d7b4f405a28: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
099efa904cb9: Preparing
8f83f19c7186: Preparing
1621d30a7846: Preparing
e989ce4ed35e: Preparing
ae30a2e42fe4: Preparing
461f75075df2: Preparing
5f70bf18a086: Preparing
5f70bf18a086: Preparing
6d7b4f405a28: Waiting
099efa904cb9: Waiting
8f83f19c7186: Waiting
1621d30a7846: Waiting
e989ce4ed35e: Waiting
ae30a2e42fe4: Waiting
461f75075df2: Waiting
5f70bf18a086: Waiting
9523ecdf69b1: Waiting
f354df03c5c3: Image push failed
f354df03c5c3: Image push failed
461f75075df2: Waiting
ae30a2e42fe4: Waiting
e989ce4ed35e: Waiting
1621d30a7846: Waiting
8f83f19c7186: Waiting
099efa904cb9: Waiting
6d7b4f405a28: Waiting
9523ecdf69b1: Waiting
5f70bf18a086: Waiting
Error parsing HTTP response: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one."
Build step 'Docker Build and Publish' marked build as failure

      In the panel for updating the credentials I also get the message:

      These credentials are valid but do not have access to the "AmazonEC2" service in the region "us-east-1". This message is not a problem if you need to access to other services or to other regions. Message: "You are not authorized to perform this operation. (UnauthorizedOperation)"

      But I am using the AWS Managed policy "AmazonEC2ContainerRegistryPowerUser" to grant Jenkins access. And should pretty much have full access to all the ECR calls it needs. We do use it in 'eu-west-1' though. But the warning clearly states not to worry about it if we are not in that region.

            ifernandezcalvo Ivan Fernandez Calvo
            kristoffer Kristoffer Peterhänsel
            Votes:
            11 Vote for this issue
            Watchers:
            26 Start watching this issue

              Created:
              Updated:
              Resolved: