aws ecr saying "Cannot perform an interactive login from a non TTY device" after copied cmd from "Amazon Container Services"

Question

I am trying to set up docker image of amazon ECR on ubuntu18.04 machine of AWS,using commands provided by view push commands of Amazon Container Services

,please note i have already set up docker on my ubuntu18.04 and also output of docker -v is as below

ubuntu@ip-172-31-0-143:~$ docker -v
Docker version 19.03.7, build 7141c199a2

When i execute the command provided by amazon container services on aws cli on ubuntu18.04 i get error as Error: Cannot perform an interactive login from a non TTY device

The command which i am using is

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 8233251134332.dkr.ecr.us-east-2.amazonaws.com/gatling-lots

please note i have successfully configured awscli and i can see the detailed from aws s3 ls

Here is detailed error log

ubuntu@ip-172-31-0-143:~$ aws ecr get-login-password --region us-   
east-2 | docker login --username AWS --password-stdin 
823443336.dkr.ecr.us-west-2.amazonaws.com/gatling-lots
usage: aws [options] <command> <subcommand> [<subcommand> ...]      
[parameters]
 To see help text, you can run:

aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

 batch-check-layer-availability           | batch-delete-image                      
 batch-get-image                          | complete-layer-upload                   
create-repository                        | delete-lifecycle-policy                 
delete-repository                        | delete-repository-policy                
 describe-images                          | describe-repositories                   
 get-authorization-token                  | get-download-url-for-layer              
 get-lifecycle-policy                     | get-lifecycle-policy-preview            
 get-repository-policy                    | initiate-layer-upload                   
 list-images                              | put-image                               
 put-lifecycle-policy                     | set-repository-policy                   
 start-lifecycle-policy-preview           | upload-layer-part                       
 get-login                                | help                                    
 Error: Cannot perform an interactive login from a non TTY device

output of

ubuntu@ip-172-31-0-143:~$ (aws ecr get-login --no-include-email  --region us-east-2)

docker login -u AWS -p 

MzQxL2c0Yks4RjVxeDg9IiwidmVyc2lvbiI6IjIiLCJ0eXBlIjoiREFUQV9LRVkiLCJleHBpcmF0aW9uIjoxNTgzNjgzNDY5fQ== https://825251119036.dkr.ecr.us- east-2.amazonaws.com

seems like you are using `awscliv1`, while the above command is for `awscliv2`, check your awscli version, or you can try `$(aws ecr get-login --no-include-email --region us-east-2)` — Adiii, Mar 08 '20 at 02:06
@Adiii i have added the content of your question in the question above,it says access denied,what can be the casue i can see the output of aws s3 ls — Carolyn Cordeiro, Mar 08 '20 at 02:14
you have only access to s3, you need to request to your AWS account admin to allow to get `GetAuthorizationToken` you need ` "ecr:GetAuthorizationToken",` this permission. for detail https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html — Adiii, Mar 08 '20 at 02:24
@Adiii now i am getting output for ```$(aws ecr get-login --no-include-email --region us-east-2)``` ,as i have update din teh question above but still my problem. not solved i.e. i am getting ```Error: Cannot perform an interactive login from a non TTY device``` for aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 8233251134332.dkr.ecr.us-east-2.amazonaws.com/gatling-lots — Carolyn Cordeiro, Mar 08 '20 at 04:14
you need to add `$` or you can run the ouput command and then you will get login. seems like you miss `$` sign. try with `$(aws ecr get-login --no-include-email --region us-east-2)` — Adiii, Mar 08 '20 at 05:53

score 101 · Accepted Answer · answered May 17 '20 at 15:30

101

The problem is not aws but docker. The solution is on docker to use the -p parameter, and wrap the aws login call to the -p parameter as such:

docker login -u AWS -p $(aws ecr get-login-password --region the-region-you-are-in) xxxxxxxxx.dkr.ecr.the-region-you-are-in.amazonaws.com

And this requires AWS CLI version 2.

answered May 17 '20 at 15:30

Devin Dixon

10,229
21
78
150

2

This was the perfect solution for me. – Johnathan Hair Jul 08 '20 at 23:04
2

This should be the accepted solution. The accepted solution did not work for me. – James G Oct 30 '20 at 00:33
Works perfectly. – KnowYourElements Dec 22 '20 at 05:20
2

this may not be the safest method as mentioned here https://github.com/aws/aws-cli/issues/4962#issuecomment-591266185 – Kapoor Apr 18 '21 at 14:38
This should not be used if there's another alternative. See https://stackoverflow.com/a/51518255/5640649 – lealceldeiro Nov 01 '21 at 13:48

score 15 · Answer 2 · answered Jul 12 '21 at 17:55

15

docker login prints this error message when you use --password-stdin, but don't actually send a password to the command's stdin.

For example:

$ echo "" | docker login --password-stdin --username jorendorff
Error: Cannot perform an interactive login from a non TTY device

Therefore, almost any kind of problem with the command before the | pipe symbol will result in this unhelpful error message.

answered Jul 12 '21 at 17:55

Jason Orendorff

39,955
4
59
96

1

For me it aws cli failing with bad access keys that caused the error `aws ecr get-login-password [snip] | docker login --username AWS --password-stdin` – henrycarteruk Jul 13 '21 at 14:40

score 14 · Answer 3 · answered May 02 '21 at 02:13

14

it took me forever to figure out that the issue was that I forgot to run aws configure and enter the right details. That solved my issue.

answered May 02 '21 at 02:13

Joseph

144
1
7

Thanks. It made my day – Ghil Maan Aug 04 '21 at 11:59

score 13 · Answer 4 · answered Mar 17 '20 at 10:40

13

You need to install AWS CLI version 2. Follow the instructions in this link

answered Mar 17 '20 at 10:40

Achira Shamal

511
5
18

score 6 · Answer 5 · answered Nov 06 '20 at 16:55

6

This command does the trick in bash and linux at 2020/10/06:

linux@host:~$ $(aws ecr get-login --no-include-email)

That's because

$ aws ecr get-login --no-include-email

Gives the following output:

docker login -u AWS -p xxxxxxxxxxxxx== https://xxx.dkr.ecr.eu-west-1.amazonaws.com

answered Nov 06 '20 at 16:55

Fernando Pérez Casas

61
1
1

This solution works with AWS CLI Version 1.X. See https://docs.aws.amazon.com/cli/latest/userguide/welcome-versions.html for more details on the differences and how to update to AWS CLI Version 2.X. – Pat Mar 12 '21 at 17:37

score 5 · Answer 6 · edited Jul 13 '20 at 13:21

Below steps are resolve that issue.

$curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

$aws --version

aws-cli/2.0.30 Python/3.7.3 Linux/4.14.181-142.260.amzn2.x86_64 botocore/2.0.0dev34

$aws ecr get-login-password --region your_region | docker login --username AWS --password-stdin Account_ID.dkr.ecr.your_region.amazonaws.com

Replace your Account ID and Region.

score 2 · Answer 7 · answered Apr 02 '21 at 16:40

2

Devin's answer is correct.

But there is one more way. The updated version of docker requires this parameter --password-stdin.

aws ecr get-login-password --region <YOUR_REGION> | docker login --username AWS --password-stdin  <ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com

answered Apr 02 '21 at 16:40

Jigar

2,911
1
23
47

1

You mean the way that the question is about not working? Because the fact that this complains about "non TTY device" is precisely the issue. – theherk May 27 '21 at 14:42

Dynamdilshan · Answer 8 · 2022-02-08T05:39:00.770

I know this question is answered already, but, this was my experience.

This didn't work for me initially.

aws ecr get-login-password --region <your-region>| docker login --username AWS --password-stdin <your-container>

I had the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY saved under variables in GitLab.

But the solution was to uncheck the Protected flag from the variables saved on GitLab. I don't know how secure this approach is, but, it did work for me.

I hope this would help someone one day.

score 0 · Answer 9 · answered Jul 12 '21 at 15:01

0

Also remember you cannot log into partitioned regions (cn-* or gov) while using a non-partitioned AWS profile. Add --profile foo to specify a profile with your designated region.

answered Jul 12 '21 at 15:01

dz902

3,371
30
29

score 0 · Answer 10 · edited Sep 17 '21 at 00:07

0

In my case, I forgot to add ECR related policy in my AWS IAM. To add a policy follow these steps.

edited Sep 17 '21 at 00:07

bad_coder

8,684
19
37
59

answered Sep 16 '21 at 11:11

hemant yadav

1

score 0 · Answer 11 · answered Jan 04 '22 at 21:11

0

The issue I found is AWS CLI v1 vs AWS CLI v2. I resolved this by uninstalling v1 and installing AWS CLI v2.

answered Jan 04 '22 at 21:11

Sean Faria

1

score 0 · Answer 12 · answered Jan 19 '22 at 21:42

0

No worries in this case. Just type 'aws configure' in your terminal and paste the security credentials such as 'aws_access_key_id' and 'aws_secret_access_key'and then type the region of the repository and the output format as 'json'.

It worked for me.

answered Jan 19 '22 at 21:42

Tirumaleshn

11
1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 20 '22 at 00:16

aws ecr saying "Cannot perform an interactive login from a non TTY device" after copied cmd from "Amazon Container Services"

12 Answers12

Linked