How to setup Elastic Container Registry (ECR) for Docker on AWS
Amazon Elastic Container Registry (ECR) is a managed container registry service of AWS. This service is found under “Compute” on AWS Console. This is used to store, manage, and deploy Docker Container Images. ECR is integrated with Amazon Elastic Container Service (ECS).
With ECR, there is no upfront fees. We pay only for the amount of data we store in our repositories and data transferred to the Internet. To understand more about ECR billing, click here.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));
Before we proceed, let’s understand a few terms which we are going to see later in this article.
Registry: It is a place where we can create image repositories in it and store images in them.
Authorization token: Docker client must authenticate to Amazon ECR registries as an AWS user before it can push and pull images. Authentication credentials can be retrieved from AWS CLI get-login command provides to pass to Docker.
Repository: The image repository contains Docker images. Repository policy
Image: We can push and pull Docker images to our repositories. We can use these images locally on our system.
In this article, we will see how to create an ECR registry, repository, and push and pull the Docker image to/from it. I’ll try to keep this document as simple as possible so that those who are new to this will not need much effort to understand.
- AWS Account (Create if you don’t have one)
- Ubuntu 18.04 Server or EC2 Ubuntu 18.04 Instance (Click here to learn to create an EC2 instance if you don’t have one or if you want to learn )
- Docker pre-installed on your system.
What we will do?
- Login to AWS.
- Create an ECR Repository.
- Install AWS CLI on Linux Server
- Authenticate Docker client from the Terminal and Tag & Upload the local Image to ECR Repository.
- Untag and Delete the Image from the local system and pull ECR Repo.
Login to AWS
- Click here to go to AWS Login Page.
When we hit the above link, we will see a web page as follows where we are required to log in using our login details.
Create an ECR Repo
To create an ECR Repo click on the arrow near “Services” and you will see a list of AWS Services.
Click on “ECR” from the list. You can choose the desired region. Here I am proceeding with Paris.
You will see a screen as follows.
Click on “Get Started” to create your first ever repo.
Now on the next screen, give a name that you want to the repo that needs to be created.
On the same screen, you can see two options available.
- Tag Immutability:
This feature prevents image tags from being overwritten by subsequent image pushes using the same tag.
- Scan on Push:
Using this feature we can enable to scan on push to have each image automatically scanned after being pushed to a repository.
For now, we shall not enable these features.
Simply click on “Create Repository” to proceed.
Now you can see that the repo is ready to use.
Install AWS CLI on Linux Server
You shall also need “aws” command on your system.
To install “aws” on Ubuntu system you can just type the following commands
apt-get install awscli
Authenticate Docker client from the terminal and Tag & Upload the existing Image to ECR Repo.
Once we have the “aws” command on our system, we need to authenticate Docker client to our registry and for that we need to have a system with Docker installed on it.
You can refer Docker’s official page to install Docker on your system.
We can verify the version of Docker with “docker –version” command.
Before we authenticate Docker client to our registry we need to export our aws_access_key_id and aws_secret_access_key.
Refer to AWS’s official documentation to know more about this.
Use the following commands to export the required keys.
aws configure set aws_access_key_id YOUR_ACCESS_KEY
aws configure set aws_secret_access_key YOUR_SECRET_KEY
aws configure set default.region YOUR_DEFAULT_REGION
aws configure set default.output json
Once we have exported these values we are ready to authenticate Docker client to our registry.
First, click on the repo and then click on “View Push Commands”:
We will see all the required commands once we click “View Push Commands”:
Copy the first command and execute it from your system to authenticate Docker client to our registry.
Now let’s pull an image from Docker Hub which we will push to ECR Repo or build your self from your Dockerfile. Here I will pull apache/httpd image and then push it
docker pull httpd
List the Images to see the available images on the local system.
Copy the second command if you want to build your own image or go to the third command and execute it
docker tag <Image_Name>:<Tag> <ECR_Repo>:<TAG>
Here it is,
docker tag httpd:latest 064827688814.dkr.ecr.eu-west-3.amazonaws.com/rahul-ecr-repo:latest
DO NOT USE this address as I have already deleted the repo.
Now we are ready to push the Image to ECR.
Copy the fourth command and execute it.
This will successfully push the image to ECR Repo.
Untag and delete the Image from the local system and pull from ECR Repo
We can delete the local image if you no more required it.
docker rmi <Image_Name>
Here it is,
docker rmo httpd
In the same way, you can delete the tagged Image from the local system.
Then you can try to pull the Image from ECR repo.
Go to the repo and Copy the Image URI:
docker pull “IMAGE_URI”
In this article we learned to create an ECR Repository, login Docker client, tag the local Image and push it to ECR Repo and pull the same.