AWS Certified Security – Specialty — Question 428

A security engineer is attempting to push a Linux-based container image to an Amazon Elastic Container Registry (Amazon ECR) repository that is in the us-east-1 Region. The security engineer has retrieved an authentication token by using the aws ecr get-login-password AWS CLI command within the last 4 hours. The security engineer has confirmed that the correct permissions are in place to push the container image to the repository.

When the security engineer tries to push the container image, the security engineer receives the following error: “no basic auth credentials”.

What should the security engineer do to resolve this error?

Answer options

• A. Obtain a new authorization token.
• B. Configure the AWS CLI to use us-east-1.
• C. Modify the aws-auth-cm.yaml file to include the IAM role for the security engineer.
• D. Activate AWS Security Token Service (AWS STS) in us-east-1.

Correct answer: B

Explanation

The 'no basic auth credentials' error typically occurs when there is a region mismatch between the Docker CLI login endpoint and the Amazon ECR repository. Configuring the AWS CLI to use us-east-1 ensures that the login command generates credentials for the correct regional registry. Other options, such as modifying the Kubernetes aws-auth-cm.yaml map or enabling AWS STS, do not address the local Docker authentication endpoint configuration.