docker-compose, azure-devops, azure-pipelines-yaml, amazon-ecr

Azure DevOps Pipeline Authorization Error while Running AWS ECR Login in Azure Pipeline YAML


I am encountering an issue while attempting to run an Azure DevOps pipeline using the provided azure-pipeline.yml file. The pipeline is designed to perform various tasks, including AWS ECR login, but I am consistently facing a Pipeline Authorization error. Despite ensuring proper authorization, the error persists, and the pipeline fails to proceed.

My azure-pipeline.yml file:

trigger:
  - Development
resources:
  - repo: self
pool:
  vmImage: ubuntu-latest
variables:
  - group: Development

steps:
  - task: PowerShell@2
    displayName: Check and install AWS.Tools.Installer and AWS.Tools.Common modules
    inputs:
      filePath: Infrastructure/.azure/build/InstallAWSTools.ps1
  
  - task: UseDotNet@2
    displayName: 'Install .NET Core SDK'
    inputs:
      packageType: sdk
      version: 3.1.x
      installationPath: $(Agent.ToolsDirectory)/dotnet

  - task: DockerCompose@0
    displayName: 'Build services'
    inputs:
      dockerComposeFile: '**/docker-compose.yml'
      action: 'Build services'
  
  - script: |
     aws ecr get-login-password --region $(AWS_REGION) | docker login --username AWS --password-stdin $(DOCKER_REPOSITORY)
    displayName: 'Login to AWS'
    env:
      AWS_ACCESS_KEY_ID: $(AWS_ACCESS_KEY_ID)
      AWS_SECRET_ACCESS_KEY: $(AWS_SECRET_ACCESS_KEY)

  - task: DockerCompose@0
    displayName: 'Push services'
    inputs:
      action: 'Push services'
      dockerComposeFile: '**/docker-compose.yml'
      dockerRegistryEndpoint: $(DOCKER_REPOSITORY)

Pipeline Authorization

I have verified that the provided AWS credentials are correct and authorized, yet the pipeline fails with the mentioned authorization error during the Push services step.

If there is an alternative or more reliable method to perform AWS ECR login within an Azure DevOps pipeline, I would greatly appreciate guidance on resolving this authorization issue or suggestions for a different approach.

Thank you for your assistance.


Solution

  • You can check the following things to fix the issue:

    1. Go to "Project Settings" > "Service connections" and ensure you have set up a Docker Registry service connection with the correct credentials for your AWS ECR.

      • Registry type: Others
      • Docker Registry: The URL of a specified Docker registry.
      • Docker ID: The identifier of the Docker account user.
      • Docker Password: The password/PAT for the account user identified above.
    2. On the DockerCompose@0 task, ensure you use the service connection set up above, as shown below.

      - task: DockerCompose@0
        displayName: 'Push services'
        inputs:
          containerregistrytype: 'Container Registry'
          dockerRegistryEndpoint: {name of service connection}
          dockerComposeFile: '**/docker-compose.yml'
          action: 'Push services'
      

      By default, the value of the "Container Registry Type" field (containerregistrytype) is "Azure Container Registry". If the selected type is "Azure Container Registry", you need to use an Azure Resource Manager service connection on the task.

      For the container registries on Docker Hub and other platforms, you need to select the type "Container Registry" and use the Docker Registry service connection.


    In addition, in your Azure DevOps organization, you can also install and use the "AWS Toolkit for Azure DevOps" extension published by Amazon. It also contains the following features for ECR:
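
A small pre-merge check for the mismatch described in step 2 of the answer, run over the push step from the question. This is an added example, not part of the original answer or of any Azure DevOps tooling; the function names, the line-based parsing and the service connection name `my-ecr-connection` are assumptions made for illustration.

```python
import re

# Default stated in the answer: an omitted containerregistrytype means this value.
DEFAULT_TYPE = "Azure Container Registry"

def docker_compose_steps(yaml_text):
    """Return the flat key/value pairs of every DockerCompose@0 step (no YAML library)."""
    steps, current = [], None
    for line in yaml_text.splitlines():
        start = re.match(r"\s*-\s+(\w+):\s*(.*)$", line)
        if start:  # "- task: ..." or "- script: ..." opens a new step
            current = None
            if start.group(1) == "task" and start.group(2).strip() == "DockerCompose@0":
                current = {}
                steps.append(current)
            continue
        pair = re.match(r"\s+(\w+):\s*(.+)$", line)
        if current is not None and pair:
            # Keys are lowercased so any capitalisation of the input name matches.
            current[pair.group(1).lower()] = pair.group(2).strip().strip("'\"")
    return steps

def mismatched_registry_steps(yaml_text):
    """List steps that pass dockerRegistryEndpoint without type 'Container Registry'."""
    findings = []
    for step in docker_compose_steps(yaml_text):
        endpoint = step.get("dockerregistryendpoint")
        if endpoint is None:
            continue  # e.g. a plain "Build services" step
        reg_type = step.get("containerregistrytype", DEFAULT_TYPE)
        if reg_type != "Container Registry":
            findings.append((step.get("displayname", "?"), reg_type, endpoint))
    return findings

# Constructed samples: the question's steps, then the answer's form (hypothetical name).
QUESTION_YAML = """\
steps:
  - task: DockerCompose@0
    displayName: 'Build services'
    inputs:
      action: 'Build services'
  - task: DockerCompose@0
    displayName: 'Push services'
    inputs:
      action: 'Push services'
      dockerRegistryEndpoint: $(DOCKER_REPOSITORY)
"""
ANSWER_YAML = QUESTION_YAML.replace(
    "      dockerRegistryEndpoint: $(DOCKER_REPOSITORY)",
    "      containerregistrytype: 'Container Registry'\n      dockerRegistryEndpoint: my-ecr-connection")
```

`mismatched_registry_steps(QUESTION_YAML)` reports the "Push services" step with the implied type "Azure Container Registry"; the same call on `ANSWER_YAML` returns an empty list.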