Wednesday, May 20, 2020

How to set up Elastic Container Registry (ECR) for Docker on AWS | How to Create a Repo in ECR for Hosting Docker images | How to Push Docker image into Amazon ECR

Amazon ECR uses Amazon S3 for storage to make your container images highly available and accessible, allowing you to reliably deploy new containers for your applications. Amazon ECR transfers your container images over HTTPS and automatically encrypts your images at rest. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow.



What are we going to do in this lab?
1. Create a Repository in AWS ECR
2. Create an IAM role with AmazonEC2ContainerRegistryFullAccess
3. Attach the IAM role to EC2 instance
4. Download pythonApp from Bitbucket
5. Build docker image for the Python App
6. Tag docker image
7. Log in to AWS ECR using the AWS CLI
8. Push docker image into ECR
9. Run python app in Docker container

Pre-requisites:
Create a repo in ECR 

Go to AWS console and search for ECR

Click on Create Repository



Enter a name for your repo (all lower case) and click Create repository.


Once the repo is created, choose the repo and click on View push commands. Note down the account ID.


Note the URL from step # 3 below; it will be used for tagging and pushing Docker images into ECR.

That's it, you have created the repo successfully. Now let us create a Docker image and push it to the above repo in ECR.

Create an IAM role
You need to create an IAM role with the AmazonEC2ContainerRegistryFullAccess policy.
Go to the AWS console, open IAM, click on Roles and create a role.


Select AWS services, click EC2, then click on Next: Permissions.
 
 Now search for AmazonEC2ContainerRegistryFullAccess policy and click














Skip the create tag step.
Now give the role a name and create it.


You need to assign the role to the EC2 instance on which you have installed Docker.

Go to the AWS console, click on EC2, select the EC2 instance, then go to Actions --> Security --> Modify IAM role.



Choose the role you have created from the dropdown.
Select the role and click on Apply.
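
AmazonEC2ContainerRegistryFullAccess lets the instance act on every ECR repository in the account. As an added example (not part of the original post), the function below generates a policy limited to login plus push/pull on the one repository this lab uses; the account ID in the usage comment is a constructed sample, and the policy name and role name there are hypothetical.

```bash
# Added example: least-privilege IAM policy for push/pull on ONE ECR repository.
# Prints the policy JSON on stdout; returns 1 on invalid input.
ecr_repo_policy() {
  local account="$1" region="$2" repo="$3"
  # AWS account IDs are exactly 12 digits.
  printf '%s' "$account" | grep -Eq '^[0-9]{12}$' || { echo "invalid account id" >&2; return 1; }
  # Region names look like us-east-1 or us-gov-west-1.
  printf '%s' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' || { echo "invalid region" >&2; return 1; }
  # Repository names are lower case, with parts separated by . _ - or /
  printf '%s' "$repo" | grep -Eq '^[a-z0-9]+([._/-][a-z0-9]+)*$' || { echo "invalid repo name" >&2; return 1; }
  # ecr:GetAuthorizationToken cannot be limited to a repository, so it uses "*".
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrLogin",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushPullOneRepo",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ],
      "Resource": "arn:aws:ecr:${region}:${account}:repository/${repo}"
    }
  ]
}
EOF
}

# Usage (hypothetical policy and role names, constructed account ID):
#   ecr_repo_policy 123456789012 us-east-1 your-ecr-repo-name > policy.json
#   aws iam create-policy --policy-name ecr-push-one-repo --policy-document file://policy.json
#   aws iam attach-role-policy --role-name my-ec2-ecr-role --policy-arn <policy ARN from create-policy>
```

Attach the resulting policy to the EC2 role in place of the managed full-access policy; the docker login, push and run steps that follow work unchanged.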

Now log in to the EC2 instance where you have installed Docker. You need the AWS CLI to connect to AWS ECR; it can be installed with:

sudo apt install awscli -y

Once AWS CLI is installed, you can verify the installation:
aws --version
Now you can log in to AWS ECR using the CLI:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin your_acct_id.dkr.ecr.us-east-1.amazonaws.com

Where your_acct_id is from AWS ECR in the above picture.


You should get a message that says Login succeeded. Now let's build a Docker image. I have already created a public repo in Bitbucket. All you need to do is run the below command to clone my repo:

git clone https://bitbucket.org/ananthkannan/mydockerrepo; cd mydockerrepo/pythonApp


docker build . -t mypythonapp

The above command will build a Docker image.

 

Now tag the Docker image you have built:
docker tag mypythonapp:latest your_acct_id.dkr.ecr.us-east-1.amazonaws.com/your-ecr-repo-name:latest



You can view the image you have built.


docker push your_acct_id.dkr.ecr.us-east-1.amazonaws.com/your-ecr-repo-name:latest
Now you should be able to log in to ECR and see the image you uploaded.

 


How to run a Docker container from Docker image?

sudo docker run -p 8081:5000 -d --rm --name myfirstApp1 your_acct_id.dkr.ecr.us-east-1.amazonaws.com/your-ecr-repo-name

where -d is for running in detached mode.

How to run another Docker container from Docker image?

sudo docker run -p 8085:5000 -d --rm --name myfirstApp2 your_acct_id.dkr.ecr.us-east-1.amazonaws.com/your-ecr-repo-name

Make sure you open port 8085 in the AWS security group (firewall) rule.
where -d is for running in detached mode.

Note: You can also create a repo in AWS ECR through a CLI command:
aws ecr create-repository --repository-name myawesome-repo --region us-east-1




3 comments:

  3. docker push keeps timing out even after logging in, and we have the policy also.
    The client is the VM within the same subnet and it has the role which contains the ACRfullaccess.
