amazon-ecr-credential-helper icon indicating copy to clipboard operation
amazon-ecr-credential-helper copied to clipboard
verified publisher icon awslabs

Fails to assume instance role when Instance Metadata V2 is set to require (imdsv2)

Open lox opened this issue 4 years ago • 5 comments

Fails to find credentials when Instance is set to require Instance Metadata V2 tokens.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

lox avatar Aug 08 '21 11:08 lox

+1

tbordovsky avatar Aug 24 '21 05:08 tbordovsky

Also having that problem here.

ohookins avatar Feb 04 '22 12:02 ohookins

also having this issue for me, any workaround to fix this?

trying using imds v2 but still got result :

$ echo "xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com" | docker-credential-ecr-login get

credentials not found in native keychain

kholisrag avatar Sep 30 '22 05:09 kholisrag

I had this issue as well, but I noticed that my version of docker-credential-ecr-login was old:

$ docker-credential-ecr-login -v
amazon-ecr-credential-helper
Version:    0.3.1
Git commit: b4a1707

I updated the binary in-place, after installing:

$ sudo curl https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-amd64/docker-credential-ecr-login -o `which docker-credential-ecr-login`
$ sudo chmod +x `which docker-credential-ecr-login`

And now it is working as expected on a machine that only supports IMDSv2!

adkafka avatar Oct 06 '22 00:10 adkafka

Recently required IMDSv2 and am now having this issue. I've narrowed it down some:

  • I run gitlab runner on EC2, no problem running locally (shell executor)
  • when I run in a docker executor it fails.
  • job runs on docker:24.0 with v0.7.1 downloaded to path
  • apk installs 0.6.0 which also doesn't work.

Hope this helps!

supergibbs avatar Dec 15 '23 08:12 supergibbs