[AWS ECR] Save and get Docker images

Goal

Save and get the Dokcer image on the Docker container registry using AWS ECR.

Introduction

Below, the results of hands-on implementation along with the Youtube video (by Mr. Kohei Kurokawa) are listed as output. You can learn the basics about AWS ECR from the link below.

Docker course to catch up from now on! Aim for container master with AWS ECS and Fargate! ~ 3rd in the series ~

Premise

-The EC2 instance (Amazon Linux2) on which the Docker daemon is running has already been built (*).

Workflow

Item number title
1 Build ECR
2 IAM roll attach for ECR access
3 Save the Docker image to ECR
4 Get a Docker image from ECR

procedure

1. Build ECR

Start creating the repository from the ECR Console (https://ap-northeast-1.console.aws.amazon.com/ecr/get-started?region=ap-northeast-1). tempsnip.png

Enter the repository name (referred to as testrepo in this article) and click the repository creation execution button at the bottom. tempsnip.png tempsnip.png

The repository was successfully built. image.png

2. IAM roll attach for ECR access

Create an IAM role and attach it to the target EC2 instance in order to grant the authority to access ECR from EC2.

Click Create Role from IAM Role Console (https://console.aws.amazon.com/iam/home?region=ap-northeast-1#/roles) tempsnip.png

This time we're attaching an IAM role to EC2, so we'll set EC2 as a trusted entity. tempsnip.png

Embed the IAM policy AmazonEC2ContainerRegistryFullAccess, which grants full access to the ECR, into your IAM role. tempsnip.png

Enter the IAM role name (set as ecr-access in this article) and create the role.

tempsnip.png

Attach the created IAM role to the target EC2 instance. tempsnip.png

tempsnip.png

3. Save the Docker image in ECR

OS login to the target EC2 instance (described as the root user premise) and describe the dockerfile.

As a sample, describe the process of installing httpd and creating a Docker image that automatically starts httpd when the container starts.

dockerfile


FROM centos:centos7

RUN yum -y install httpd

CMD ["/usr/sbin/httpd","-DFOREGROUND"]

Then return to the ECR console, select the ECR repository you created and click `Show Push Commands``. tempsnip.png

You will then see a series of commands to push to the target ECR repository. It will be a flow to execute these in order.

image.png

First, copy the first of the above push commands and execute it. The content is to get the login password to the ECR repository and execute docker login with that password as standard input.

If Login Succeeded is displayed, it is OK. (If the IAM role settings are incorrect, a credential error will be displayed.)

[root@ip-172-31-35-94 ~]# aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 932699493995.dkr.ecr.ap-northeast-1.amazonaws.com
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

The second command is the regular docker build command.

docker build -t testrepo .

The third command uses the docker tag to perform the tagging required for the ECR repository push.

[root@ip-172-31-35-94 ~]# docker tag testrepo:latest 932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo:latest
[root@ip-172-31-35-94 ~]# docker images
REPOSITORY                                                   TAG                 IMAGE ID            CREATED             SIZE
932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo   latest              306adf672fc7        10 minutes ago      330MB
testrepo                                                     latest              306adf672fc7        10 minutes ago      330MB
centos                                                       centos7             8652b9f0cb4c        2 months ago        204MB

Actually execute docker push with the 4th command.

[root@ip-172-31-35-94 ~]# docker push 932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo:latest
The push refers to repository [932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo]
9cdaef33df63: Pushed
174f56854903: Pushed
latest: digest: sha256:33f3b20422ea489ca61be9a5b4334b0a68572989b4143bca3cb6d55825c2c07c size: 741

Execute aws ecr describe-images --repository-name repository name --region ap-northeast-1, and it is OK if you can confirm the pushed image.

[root@ip-172-31-35-94 ~]# aws ecr describe-images --repository-name testrepo --region ap-northeast-1
{
    "imageDetails": [
        {
            "artifactMediaType": "application/vnd.docker.container.image.v1+json",
            "imageSizeInBytes": 135861914,
            "imageDigest": "sha256:33f3b20422ea489ca61be9a5b4334b0a68572989b4143bca3cb6d55825c2c07c",
            "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "imageTags": [
                "latest"
            ],
            "registryId": "932699493995",
            "repositoryName": "testrepo",
            "imagePushedAt": 1610607670.0
        }
    ]
}

4. Get the Docker image from ECR

From the ECR console, copy the URL of the Docker image stored in the ECR. tempsnip.png

Execute the copied URL as an argument of the docker pull command.

[root@ip-172-31-35-94 ~]# docker pull 932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo:latest
latest: Pulling from testrepo
Digest: sha256:33f3b20422ea489ca61be9a5b4334b0a68572989b4143bca3cb6d55825c2c07c
Status: Downloaded newer image for 932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo:latest
932699493995.dkr.ecr.ap-northeast-1.amazonaws.com/testrepo:latest

Recommended Posts

[AWS ECR] Save and get Docker images
Save and display multiple images
How to save images on Heroku to S3 on AWS
[AWS] What are ECR and ECS? About each difference and how to operate Docker on AWS.
Verification of the relationship between Docker images and containers
Build WordPress environment with Docker (Local) and AWS (Production)
CI/CD pipeline and Docker
Docker installation and initialization
Docker terms and commands
Delete all Docker images
Register your own Docker image with ECR using AWS CLI
Elasticsearch> Build with docker, get Twitter information and visualize with Kibana