How To Create And Push To AWS Elastic Container Registry in 5 Minutes

introduction

Amazon Elastic Container Registry (ECR) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere without having to install any infrastructure. ECR lets users push and pull images, whether custom built or one of the prebuilt images from the AWS registry.

The AWS repository is a good alternative to the Docker image repository. One difference from the popular Docker Hub is that AWS ECR supports public image repositories with resource-based permissions using AWS IAM, so that specific users can access your public repositories to push images, as opposed to Docker Hub, which is only password-auth based.

You can also create a private image repository, which requires authentication from anyone who wishes to push or pull an image from the AWS container registry.

amazon ecr public gallery

Just like Docker Hub, the AWS container registry also has prebuilt images which can be used as base images in a Dockerfile. It is called the AWS ECR Public Gallery. Check it out here. Images in the gallery are free and secure to use. It has many of the popular engines you can think of in containerization technology. If you are using the AWS Container Registry, I especially recommend using the AWS ECR gallery images too. In addition to containing almost no vulnerabilities, they are also much easier to use, with no limit on the number of pulls you can request.

create and name ecr repository

Now, let’s go ahead and see how to use this technology from AWS.

Suppose you are signed in to your AWS Management Console. Search for ECR in the AWS search bar.

Select Repository from AWS Console

In the new window, select the visibility of your repository. I will be using this repository for a project, so I chose the Private option. The repository will then not be accessible to everyone on the internet, only to those who are given access to it.

Also, supply the name for the repository.

Enter a name for your container repository

The Image Scan Settings option is useful for checking your built image for vulnerabilities, so we will enable it.

Select image scan for docker image

Once you have enabled scanning, click the Create Repository button. The image repository will be created and ready to accept Docker images. Now, let’s see how we can push to the AWS Container Registry.

Click the create repository button

get the repository credentials and configure AWS CLI

To push to AWS Elastic Container Registry, you will need to get the repository credentials created by AWS for you. Click on the new repository name, then at the right of the page, click the View Push Commands button.

View the push credentials

On the next page, you will be presented with the details of the repository, including the authentication credentials and the commands AWS provides for pushing to the container repository. The credentials include repository link, name, account ID, and the password.

Since I am using a Linux machine for the walkthrough, I selected the macOS/Linux commands.

What we really need here is the first item of the list, which is the AWS CLI authentication for the Docker client. However, to push to the container registry from our local machine, we first need to make sure our AWS CLI is ready for use. So in the next step, let’s add our AWS user to the local machine using the AWS CLI. Check out this documentation from AWS on how to install the AWS CLI.

We will use the aws configure command to add the secret and access key to our command-line interface. You can check out this post on how to use IAM.

aws configure
Add authentication with AWS Configure

After that is done, you will execute the commands to authenticate to the repository, build and tag the image, and push the image into AWS Elastic Container Registry.

push to aws container registry with linux commands
Authenticate ecr with the command-line interface
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin [replace with your account registry link]
ECR login from Linux CLI before push to AWS container registry

Once you have successfully added the credentials, you can then run the docker build command. You can clone the Next.js sample code containing my Dockerfile from here. Also, I have a tutorial on GitHub and CodeCommit you should check out too.

docker build -t [image name] .
build, tag, run and push image
docker build image
image successfully built

After building the image, let’s run it to be sure our application will work fine. If the image runs successfully, you will get a string of characters in response, which is the container ID.

docker run --name [container name] -d -p [hostPort:containerPort] [image name]
Run the docker image

Good, you are doing well. Since we are certain we built our image successfully, we can now prepare it for the Elastic Container Registry. We will do this by tagging the existing image with our AWS repository URL. After that, we will push the image. Check the image you built earlier: under the repository column you will find a name without any registry link. This is shorthand for saying the repository is the default docker.io repository.

docker images
view the list of docker images

You will need to tag the image for the AWS repository instead.

docker tag [image name]:latest [replace with your account registry link]/repositoryName:image-tag
tag docker images

Once we have tagged the image, we can then push the image to our container registry in AWS.

view tagged image before push to aws container registry
docker push [replace with your tagged registry link]/repositoryName:image-tag
push to aws container registry

We can go ahead to our AWS Console to check the new image we pushed.

Check the registry console image push to aws container registry
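
With scan on push enabled as in the repository setup above, the result of the scan can be checked from the command line as well as in the console. The script below is an added example, not part of the original post: the function names and the pass/fail policy (no CRITICAL findings, HIGH findings up to a chosen limit) are assumptions, and the counts at the bottom are constructed so the gate logic runs without AWS access.

```shell
#!/bin/sh
# Added example (not from the original post): fail a push pipeline when the
# scan-on-push result for an ECR image reports serious findings.

# True when $1 is a non-empty string of digits.
is_uint() { case $1 in '' | *[!0-9]*) return 1 ;; esac; }

# scan_gate CRITICAL HIGH [MAX_HIGH]
# Returns 0 (pass), 1 (too many findings) or 2 (input unreadable).
# The AWS CLI prints "None" for a severity with no findings; count it as 0.
scan_gate() {
  critical=$1 high=$2 max_high=${3:-0}
  if [ "$critical" = None ]; then critical=0; fi
  if [ "$high" = None ]; then high=0; fi
  if ! is_uint "$critical" || ! is_uint "$high" || ! is_uint "$max_high"; then
    echo "scan-gate: unreadable input, failing closed" >&2
    return 2
  fi
  if [ "$critical" -gt 0 ] || [ "$high" -gt "$max_high" ]; then
    echo "FAIL critical=$critical high=$high"
    return 1
  fi
  echo "PASS critical=$critical high=$high"
}

# check_pushed_image REPO TAG REGION
# Waits for the scan started by the push, then gates on its severity counts.
check_pushed_image() {
  repo=$1 tag=$2 region=$3
  aws ecr wait image-scan-complete --region "$region" \
    --repository-name "$repo" --image-id imageTag="$tag" || return 2
  counts=$(aws ecr describe-image-scan-findings --region "$region" \
    --repository-name "$repo" --image-id imageTag="$tag" \
    --query 'imageScanFindings.findingSeverityCounts.[CRITICAL,HIGH]' \
    --output text) || return 2
  # Split "N<TAB>M" into $1 and $2; a missing field stays empty and fails closed.
  # shellcheck disable=SC2086
  set -- $counts
  scan_gate "${1:-}" "${2:-}"
}

# Constructed sample counts, so the gate logic can be exercised offline.
scan_gate None None      # PASS critical=0 high=0
scan_gate 0 3 5          # PASS critical=0 high=3
scan_gate 1 0 || true    # FAIL critical=1 high=0
```

Call `check_pushed_image repositoryName image-tag us-east-1` after `docker push`; the AWS CLI user needs permission for `ecr:DescribeImageScanFindings`.
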
some extras…we host our running container.

Now that we have successfully pushed our image into the AWS Elastic Container Registry, we can choose to serve our application using the Nginx web server. If you want an alternative way, follow this link to use a secure Ngrok ingress tunnel.

I already created an A-record for my DNS service. Follow this tutorial to learn how to create an A-record for your DNS and secure it using an SSL certificate.

Create an Nginx config file and add the configuration below inside.

sudo nano next-app
server {
    server_name yourdomain.com;
    location / {
          proxy_pass         http://localhost:port;
          proxy_http_version 1.1;
          proxy_set_header   Upgrade $http_upgrade;
          proxy_set_header   Connection keep-alive;
          proxy_set_header   Host $host;
          proxy_cache_bypass $http_upgrade;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Proto $scheme;
          proxy_set_header   X-Real-IP $remote_addr;
    }
}
Serve the application with Nginx web server and DNS

After that, enter the URL on your web browser to see the application running as a docker container.

Application display on web browser with the container from AWS registry
conclusion

Since you know how to push an image to your AWS container registry, you should also know how to pull an image from it.

The pull part is straightforward too. However, make sure you are signed in to the AWS Elastic Container Registry just like you did earlier. Then use the pull command to bring the remote image onto your machine.

docker pull [link to your registry]:image-tag
troubleshooting
  1. ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
    SOLUTION: Check that the docker daemon on your machine is running.
    sudo service docker status
  2. ERROR: Error response from daemon: pull access denied for 83*****ast-1.amazonaws.com/test-repository, repository does not exist or may require ‘docker login’: denied: Your authorization token has expired. Reauthenticate and try again.
    SOLUTION: Reauthenticate your AWS registry on your machine. Use the Elastic Container Registry auth command above.
