Lab Guide:Amazon Elastic Container Registry (Amazon ECR)

Lab Guide:Amazon Elastic Container Registry (Amazon ECR)

Let's take you through AWS managed container image registry.

Container Management

AWS managed container image registry is secure, scalable, and reliable. The Amazon ECR supports private repositories with resource-based permissions using AWS IAM. This ensures that specified users or Amazon EC2 instances can access your container repositories and images. You can use your preferred CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI-compatible artifacts.

Table of Contents

Step1: Create an Ubuntu Server/Instance and SSH into it.

Step2: Select the instance and click on “Actions.”

Step3: Click “Security” and then “Modify IAM role.”

Step 4: Click on create new IAM role.

Step 5:Click on “Create Role.”

Step 6: Choose EC2 and click on next.

Step 7: Attach ECR and EKS policies to the role and press next.

Step 8: Provide the role name.

Step 9: Click on Create Role.

Step 10: Come back to the instance and attach the IAM role to the instance and click on “Update IAM role”.

Step 11: SSH into the server/Instance.

Step 12: Become Root User.

Step 13: Install AWS CLI(Command line Interface).

Step 14: Configure the AWS CLI.

Step 15: Install Docker.

Step 16: Create a Container Repository.

Step 17: Go to AWS Container Registry service, their one repository will be created by the name hello world.

Step 18: Log in to the repo using the below command.

Step 19: Pull an image from the docker hub.

Step 20: Tag the image to push to your repository.

Step 21: Push the image.

Step 22: Go to the container registry service in AWS and check “the hello-world image would be pushed” with the tag name “latest.”

Follow the above steps:

Step1: Create an Ubuntu Server/Instance and SSH into it.

0D6H_PZHBIcCj3WmcrBp2JEfpN2JbDKnFOpYo6LehkM8NUtCTuY33-GWNpu2A4pN2Aw1jZl7dVQu4pBFrPvEzeFfJ9IHJLQJS9JECED58xnR2syR2qzm47jhwQLJ.png

Step2: Select the instance and click on Actions.

WNz-6q8nUaIWBwm0c2Jfh_lLpIt-TrSSO4lFM9ZhzUjKk92LdA0-wwOu2wuFG6fr-G0SMYGaSFFCQxq09me8LWonwJ-mdbnC0nh0Dz1oHhI6HxXNU58suwmPwQzc.png

Step3: Click on Security and then click on Modify IAM role.

g3nk6veAPSFvFsx8wnUvAuYQmBx6mY1_qSFZhxoXI5nawc0XZ5FI-6c81YXwUgvSpFwF8Do-IIx6Fvt3KYxwLhmbDtzGRpJS1OqAjnTWgEmfsioi6UKIUDUJnuVC.png

Step 4: Click on create new IAM role.

Modify IAM role.png

Step 5:Click on Create Role.

hUYG5VwLvts2CXTsAUI89__eGxNpba0Utguoc1YmDG7612y6YBWyuN9K7Fd0TsGMxHL6ZqArimVVtsk9NP14xhhxaBdA-Qsum_AthGR9V4Xv0CV2je1ONIu4gKNv.png

Step 6: Choose EC2 and click on next.

poZ9pR9XKQUpFSZyI-RI9qE5RmgEJ9LUtz5s-SNM61wtcD_V5uokbQvAwLS5Fqilb2N0YKkPo_LZZTqkuh1rHuP7Q-OdGGBm0MecP-kdh_ExSfCfiQaB5PupaWAb.png

Step 7: Attach ECR and EKS policies to the role and press next : same way attach ECR and EKS full access to IAM User also.

HeLlqL6Xi2JiH5nJ589KDZMlw3Ev8iF4XRwxj7Ivt_FVzhg15PKa_vp8YJBp-mZIkLogM5ct3liFgM2Tu8YWnffXTfx6gF_fOH1fZ8uaCbhsY04uEubvOBnlmDHp.png

Step 8: Provide the role name.

2p7nyYolK7MvIw3aX26mtdiEpufBrlFREzxkvUPa_gTsMNzxJ4nT91zt80bREh6ck0eCZJ9cIJTVGhLlYG-oo7RgIdnKOSq-CCLLpRpIC-ITa6-W7kckHcmUjxPq.png

Step 9: Click on create role.

oqScZO_WOGP4QVPRkmctvLy1CvdPgdXU5VvyN2CAhVeg1NN2xhW_v-rYs-Wlf4Zl8TJsEqBPMHzPGUlhlsPpyeRyazJe7DvsGZE9UfD-ZYiS2Kzj6rkMVfGCwoN0.png

Step 10: Come back to the instance and attach the IAM role to the instance and click on “Update IAM role”.

N8tz9Vjs8mbFDsTIqi9drJUoTv4ouRNkJ8WGGZqu7Aad1jbdP6TUXljZpgjPV8EUAFAJYZ6IvwL6anLsOmuhZl0clg6gV4Bb0R-NGwbu4AyU10PXxku8MDoSkn0P.png

Step 11: SSH into the server/Instance.

image.png

Step 12: Become Root User.

sudo su

xunxOJ5W51GbHzRsuIyXZ-lP3s8NKPkIy_t_YcJUAjeM_w4IsNsezIAgOelRnfulcvFu1wejC-jiHfHEPNZXViBLeGKSgROyM_uK7-KwcILZeN6w5T3BDMdu3FK4.png

Step 13: Install AWS CLI(Command line Interface).

sudo apt-get update        
sudo apt-get install awscli
aws –version

-c1i1.18.69 Python3.8.10 Linux5.13.0-1022-aws botocore1.16.19.png

Step 14: Configure the AWS CLI.

Note: Use the following command.

aws configure

Note: Provide environment variables such as (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION).

6_5HeqK8jdTHIat2FhJyPn7sCaRchx73g6fr5XfpGyCfp4PNSNTI6EtD2fRss8zLIVfLhXRNtFEvuLi2RR4Bfu2A0VQSvt1b5cg5YpuzrfJHx8D7Ez9lH0kA1qom.jpg

Step 15: Install Docker.

apt-get update -y
wget -qO- https://get.docker.com/ | sh
docker version
service docker start
ip a

KyCLp5UEyMzwIk-Pot7EOk8oIHf2wYh1hs9OGTAYaVct-O2tM59oqX7L3TAmbVPY5ZLllRQlWeY2sVMxXejAJsmBFJ5pvRgYLL_OLkGfqCT3PrAs6jOT867yifmJ.jpg

Step 16: Create a Container Repository.

aws ecr create-repository     --repository-name hello-world

PPQJTRxuY_MwxZyBxzaIwajaEsnP3McGzrLfE70UefCGeTseMaCFcLHXXJTreA4tGDebup3QVFbnLoVU9ar73clg3gx_ezoTHC5nsE1jTkkPepVjC_7Y-r2sXGge.jpg

Step 17: Go to AWS Container Registry service, their one repository will be created by the name hello world.

KUzJvh0ZIwSsDeU_E8tWFpxpOxQWeY21DPB6hkJzFCbSiOiSWq3d5WUi7wzpHqGYiFS4v209OYZLniPFArawmRkhtxsA8eMruurR6ucIwYyr3t2urHPxLMtgnOiF.png

Step 18: Login to the repo using below command.

aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

pbpHTMcWUoZnU-kHHw-8D43sjxxo8pDtonQY7YapAQ6lLuytRRDbAFnmVy2gVG-Bq8lfL-onQtP2sygHPWH4xKujG_zs4c2ieGLCzyj_o74Gmm3w_mHUaHX9SJHV.png

Step 19: Pull an image from docker hub.

docker pull hello-world

175homeubuntu# docker pull hello-world.png

Step 20: Tag the image to push to your repository.

docker tag hello-world: latest aws_account_id.dkr.ecr.region.amazonaws.com/hello-world:latest

Note: replace underlined words region and aws_account_id with your region and account ID.

Step 21: Push the image.

docker push aws_account_id.dkr.ecr.region.amazonaws.com/hello-world:latest

Note: replace underlined words region and aws_account_id with your region and account ID.

C2xj74cGML85zfsI8jJ0X1ehy3a3syO3XVHnTpr5yQ6rPmrh8Btts1bxsv1o7VZrpaRAigV_mrj4Q61gu_0tER9cKHYkN3JiptmAPfY9uSck_G4bc3wWXYbUW7qH.png Step 22: Go to container registory service in AWS and check “the hello-world image would be pushed” with the tag name “latest”.

0Q82rNvAAwFpW-1B5gjC4taZlUls9dPH1c5j_M4HgEPLZ9CNBOUKpXo5ES5Eiankqf7XY0FCVAxphuzORIFDJ3bZsBt3PpsSfq3kLWbP-96redvYq_4wQaGx1p0D.png

The above diagram shows the image has been pushed to the registry [Amazon ECR] which makes easier for us to create a container anytime using above image in the registry.

You can further read: Reference for ECR using CLI