Push your Docker images to AWS ECR [A detailed guide]
Agenda,
- What is ECR (Elastic Container Registry)?
- Create an AWS IAM user (Optional)
- Generate access key & secret (Optional)
- Install & configureAWS CLI toot locally
- Create ECR registry
- Create the Docker file & build
- Login to the ECR registry
- Push image
What is ECR (Elastic Container Registry)?
Amazon Elastic Container Registry (Amazon ECR) is an AWS-managed container image registry service that is secure, scalable, and reliable. Amazon ECR supports private repositories with resource-based permissions using AWS IAM. This allows specified users or Amazon EC2 instances to access your container repositories and images. You can use your preferred CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI-compatible artifacts.
Create an AWS IAM user (Optional)
An IAM user is an IAM resource with associated credentials and permissions. An IAM user can represent a person or an application that uses its credentials to make AWS requests. This is typically referred to as a service account.
In order to log in with AWS ECR with the local CLI tool we need some credentials. But using the root user to generate these credentials is not recommended.
So, let’s create an IAM user first, if you already have an IAM user you can skip this step.
- Log in to the AWS console.
- Navigate to the services -> IAM -> Users and add a user
- Provide the user name
- Then add the permissions to the created user. You can add permissions through policies or you can create policies and so on. I’m just adding AdministratorAccess for easiness. But if we go for a production or actual scenario you should mindful of this.
Note — You can get more about AWS IAM policies here.
- Then you can see the created user listed in the console.
Generate access key & secret
Then let’s generate an access key for this user.
- Select the created user and there you see a section to generate Access keys.
- Then select an option for the purpose of generating this access key.
- Then copy the generated key & secret.
Install AWS CLI tool locally & configure
The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
- To talk with AWS services we need this CLI tool to install on our local machines.
Note — Refer here for the installation guide for different Operating systems.
- Then we should configure the CLI tool with the above-generated security credentials. To do that run the below command.
aws configure- Then provided the below config one by one. Refer here for more.
AWS Access Key ID: <Your-IAM-user-key>
AWS Secret Access Key: <Your-IAM-user-secret>
Default region name: <Your-aws-region>
Default output format: json- You can verify the configs by running the below command
aws configure listCreate ECR registry
Now let’s create an ECR registry to store our Docker images.
- Navigate to the services -> Containers -> Elastic Container Registry
- Provide a name for your registry and create.
- You can see the registry is created and listed in the console. Get the URI of the Registry.
Create the Docker file & build it
For this demo, I’m just creating a simple REST server using Spring boot and creating a Docker file.
FROM openjdk:8
EXPOSE 8080
ARG JAR_FILE=target/learning-management-system-1.0.0-SNAPSHOT.jar
ADD ${JAR_FILE} app.jar
ENTRYPOINT ["java","-jar","/app.jar"]Note — You can get the source code here.
- Let’s build the image locally.
docker build <path-to docker-file> -t <ECR-regirty-uri>:version-tag-docker-image
For example:
docker build . -t 018404842733.dkr.ecr.us-west-1.amazonaws.com/spring-rest-server:latestLogin to the ECR registry & push the image
Once the image got built successfully, now we are ready to push our image to the AWS ECR registry.
- Run the below command to log in to ECR via the CLI tool. Refer here for more.
aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 018404842733.dkr.ecr.us-west-1.amazonaws.com/spring-rest-server- Then run the below command to push the image.
docker build . -t 018404842733.dkr.ecr.us-west-1.amazonaws.com/spring-rest-server:latest That’s all about.
Happy cloud computing.!
