401 Unauthorized in ECR feed

We created an external feed pointing to AWS ECR, with credentials from aws ecr get-login --region $AWS_REGION --registry-ids $AWS_ACCOUNT_ID

Above credentials work fine in browser: https://AWS_ACCOUNT_ID.dkr.ecr.AWS_REGION.amazonaws.com/v2/_catalog opens fine and shows json with repos.

However, when testing the feed or creating a deployment step in Octopus, there’s an error:

The V2 feed at 'https://AWS_ACCOUNT_ID.dkr.ecr.AWS_REGION.amazonaws.com/FindPackagesById()?id='package-id'' returned an unexpected status code '401 Unauthorized'

What could be the problem? We’re following the steps at https://octopus.com/docs/deploying-applications/docker-containers/registries/amazon-ec2-container-services

Hi Andrew

Thanks for getting in touch! Sorry to hear you’re having trouble connecting to the docker feed.

It’s hard to diagnose without seeing how you’ve configured the feed, but I believe the issue is that you’ve created a NuGet Feed rather than Docker Container Registry. it cant be changed once you’ve created it, so you will have to create a new one.

If this isn’t the case, can you please share some screenshots of how you’ve configured the feed, what version of Octopus you are using, and the full error?

Let me know how you go.


Hi Matt,

We’re using Octopus 3.7.13 and it seems there’s no registry type option - see attached screenshot


Also the error on “Test” action - see attached

Hi Andrew

Just checking, have you enabled the docker functionality under Configuration -> Features? By default, its disabled while it was in preview. In later versions, its enabled by default. If you enable that, you wil see the Feed Type dropdown.

Hope that helps!


Hi Matt - that was it, thanks!

We enabled the Feed Type in configuration, created a Docker Container Registry feed for AWS ECR and it’s now available and searchable.

Hi Andrew

Thanks for letting is know - glad its sorted.

I see you’ve sent another email - I’ll reply to that one shortly.