It looks like you're correctly logging into AWS ECR, but the issue probably stems from root vs. non-root user authentication in Docker. When you run sudo docker pull, it does not use the authentication stored in your user's ~/.docker/config.json because sudo runs as root, which has a separate home directory (/root/.docker/config.json).
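The mismatch described above, as an added example that is not part of the original answer: a shell check of which config.json holds a login for the registry. The stand-in home directories, the registry name and the function names (has_registry_entry, diagnose) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the Docker client config read by `docker` (your user)
# with the one read by `sudo docker` (root). All paths and names are constructed.

# has_registry_entry CONFIG_FILE REGISTRY
# Succeeds if CONFIG_FILE contains REGISTRY as a quoted JSON key, which is how
# `docker login` records a registry. Plain string match, not a JSON parse.
has_registry_entry() {
    [ -r "$1" ] && grep -Fq "\"$2\"" "$1"
}

# diagnose USER_HOME ROOT_HOME REGISTRY
# Prints one line saying which invocation would find a login for REGISTRY.
diagnose() {
    u=no; r=no
    has_registry_entry "$1/.docker/config.json" "$3" && u=yes
    has_registry_entry "$2/.docker/config.json" "$3" && r=yes
    case "$u/$r" in
        yes/no)  echo "login stored for user only: 'sudo docker pull' is unauthenticated" ;;
        no/yes)  echo "login stored for root only: plain 'docker pull' is unauthenticated" ;;
        yes/yes) echo "login stored for both user and root" ;;
        *)       echo "no login stored for either user or root" ;;
    esac
}

# Constructed demo: stand-in directories instead of the real $HOME and /root.
demo=$(mktemp -d)
registry="123456789012.dkr.ecr.us-east-1.amazonaws.com"   # placeholder registry
mkdir -p "$demo/home/alice/.docker" "$demo/root/.docker"

# State after `docker login` was run WITHOUT sudo: only the user's file has the entry.
printf '{"auths":{"%s":{"auth":"Y29uc3RydWN0ZWQ="}}}\n' "$registry" \
    > "$demo/home/alice/.docker/config.json"
printf '{"auths":{}}\n' > "$demo/root/.docker/config.json"

diagnose "$demo/home/alice" "$demo/root" "$registry"
```

On a real host the arguments would be "$HOME" and /root, and reading /root/.docker/config.json itself requires root. Running docker login and docker pull as the same user (both with sudo or both without) makes them read the same file.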