Amazon Elastic Container Registry (ECR) is a fully managed container registry that makes it easy to store, manage, share, and deploy your container images and artifacts anywhere. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and high-performance architecture, allowing you to reliably deploy images for your container applications. You can share container software privately within your organization or publicly worldwide for anyone to discover and download. For example, developers can search the ECR public gallery for an operating system image that is geo-replicated for high availability and faster downloads. Amazon ECR works with Amazon Elastic Kubernetes Service (EKS), Amazon Elastic Container Service (ECS), and AWS Lambda, simplifying your development to production workflow, and AWS Fargate for one-click deployments. Or you can use ECR with your own containers environment. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet.

Requirements

  • AWS Account
  • Docker Dokerfile knowledge

Steps

  • Create a Repository
  • Create a IAM Role with Repository access
  • Run an instance with the IAM Role attached
  • Create a Dockerfile
  • Create an Image from the Dockerfile
  • Upload the image to the Registry

Hands-On

  1. In AWS Management Console, go to Elastic Container Registry

2. Click on Get Started

3. Give it a name, and click on Create repository

4. Once it finish, copy the URI to use it later

5. Once is repository is created, go to IAM

6. Click on Roles

7. Click on Create role

8. Click on EC2 and click Next

9. Search for AmazonEc2ContainerRegistryFullAccess and select the policy and click on Next

10. Click on Next: Review

11. Give it a name and click on Create role

12. Go to EC2

13. Go to Instances

14. Click on Launch instances

15. Select Amazon Linux 2 AMI 64-bits

16. Select t2.micro and click Next

17. In Configure Instance Details, select 1 instance, make sure you have Auto-assign Public IP enabled, and in IAM role, select the role we create ECR_Full_Access and click on Review and Launch

18. Review the configuration and click on Launch

19. Create a new key pair, give it a name, Download and click on Launch Instances

20. If everything is ok, you shoud see the success message, click on View Instances

21. Select the instance and click on Connect

22. Select SSH Client and copy the command to use it later

23. Open a SSH client and go where the key pair is downloaded, and change the permissions of the file

cd ~/Downloads
chmod 400 ecr-test.pem

24. Connect to the instance

ssh -i "ecr-test.pem" ec2-user@ec2-3-12-71-26.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-3-12-71-26.us-east-2.compute.amazonaws.com (3.12.71.26)' can't be established.
ECDSA key fingerprint is SHA256:1tnWyvB5JvWGBG/seJYL9bC2I3QDxiTtusalwmyn8js.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2-3-12-71-26.us-east-2.compute.amazonaws.com,3.12.71.26' (ECDSA) to the list of known hosts.

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-31-14-127 ~]$

25. Install Docker

sudo su -
yum -y install docker

26. Start Docker

systemctl start docker

27. Create a file named Dockerfile

nano Dockerfile

28. Paste this data

FROM ubuntu:16.04

# Install dependencies
RUN apt-get update
RUN apt-get -y install apache2

# Install apache and write hello world message
RUN echo 'Hello World!' > /var/www/html/index.html

# Configure apache
RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh
RUN echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh
RUN echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh
RUN echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh
RUN chmod 755 /root/run_apache.sh

EXPOSE 80

CMD /root/run_apache.sh

29. Save the file with control+O and control+X to exit

30. Create the image from the Dockerfile with docker built -t (name)

docker build -t myapache .

31. Run the image

docker run -d -p 80:80 myapache

32. Test the container is respoding with curl

curl 172.0.0.1
Hello World!

33. Get the login access to the ECR with the command aws ecr get-login

aws ecr get-login --no-include-email --region us-east-2

34. You will get an output with the command to login on the ECR Repository, copy the command and paste it in the SSH client, if everything is ok, you will see a Success message "Login Succeeded"

35. Now tag the image with the image with the ECR-DNS name

docker tag myapache 625181428504.dkr.ecr.us-east-2.amazonaws.com/testrepository

36. You can check the images with docker image ls

docker image ls
REPOSITORY                                                             TAG                 IMAGE ID            CREATED             SIZE
625181428504.dkr.ecr.us-east-2.amazonaws.com/testrepository   latest              f79bc35853c9        8 minutes ago       260MB
myapache                                                               latest              f79bc35853c9        8 minutes ago       260MB
ubuntu                                                                 16.04               9499db781771        6 weeks ago         131MB

37. Upload the image to the ECR

docker push 625181428504.dkr.ecr.us-east-2.amazonaws.com/testrepository

38. In the AWS Console Management, Inside the repository, you will see the docker image

Great you learn how to create a ECR repository and create and upload a Docker Image.

In the next posts we going deeper into the AWS Services.

Clean-Up

  1. Go to ECR

2. Select the repository and click on Delete

3. Confirm

4. Go to EC2

5. Go to Instances

6. Select the instance we create and click on Instance state and then Terminate Instances

7. Confirm

8. Go to Key Pairs

9. Select the Key pair we use in this lab and click on Actions then Delete

10. Confirm

11. Go to Security groups

12. Select the security group we create for this lab and click on Actions, then Delete security group

13. Confirm

14. Go to IAM

15. Click on Roles

16. Search for the Role we create on this lab, select it, and click on Delete role

17. Confirm

References