
What is Amazon Elastic Container Registry?
Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service that is secure, scalable, and reliable. Amazon ECR supports private container image repositories with resource-based permissions using AWS IAM. This is so that specified users or Amazon EC2 instances can access your container repositories and images. You can use your preferred CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts.
Components of Amazon ECR
Amazon ECR contains the following components:
Registry
An Amazon ECR registry is provided to each AWS account; you can create image repositories in your registry and store images in them.
Repository
An Amazon ECR image repository contains your Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts.
Image
You can push and pull container images to your repositories. You can use these images locally on your development system, or you can use them in Amazon ECS task definitions and Amazon EKS pod specifications.
Getting Started with Amazon ECR
Prerequisites
- Sign up for AWS
- Install the AWS CLI
- Install Docker
Create an IAM user
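Create an IAM user, and then grant this user administrative permissions for Amazon ECR by attaching the existing managed policy AmazonEC2ContainerRegistryFullAccess. This policy allows every Amazon ECR action on every repository in the account; for identities that only need to push or pull images, the narrower AWS managed policies AmazonEC2ContainerRegistryPowerUser and AmazonEC2ContainerRegistryReadOnly are available.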
Create an image repository
A repository is where you store your Docker or Open Container Initiative (OCI) images in Amazon ECR. Each time you push or pull an image from Amazon ECR, you specify the repository and the registry location, which together determine where the image is pushed to or pulled from.
- Open the Amazon ECR console at https://console.aws.amazon.com/ecr/.
- Choose Get Started.
- Inside the Create repository form:
  - For Visibility settings, choose the visibility setting for the repository.
  - For Repository name, provide a concise name. For example, sonarqube.
  - For Tag immutability, enable tag immutability to prevent image tags from being overwritten by subsequent image pushes using the same tag. Disable tag immutability to allow image tags to be overwritten.
  - For Image scan settings and Encryption settings, leave them as Disabled.
- Choose Create repository.
Create a Docker image
For brevity, pull an existing Docker image from Docker Hub instead of building one. For example, sonarqube:8.9.2-enterprise:
docker pull sonarqube:8.9.2-enterprise
Authenticate to your default registry
After you have installed and configured the AWS CLI, authenticate the Docker CLI to your default registry. That way, the docker command can push and pull images with Amazon ECR. The AWS CLI provides a get-login-password command to simplify the authentication process.
The get-login-password command is the preferred method for authenticating to an Amazon ECR private registry when using the AWS CLI. Ensure that you have configured your AWS CLI to interact with AWS; for more information, see AWS CLI configuration basics. Then run:
aws ecr get-login-password --region [region] | docker login --username AWS --password-stdin [aws_account_id].dkr.ecr.[region].amazonaws.com
Make sure to replace [region] and [aws_account_id] with your region and AWS account ID.
Push an image to Amazon ECR
Now you can push your image to the Amazon ECR repository you created in the previous section. You use the docker CLI to push images, but there are a few prerequisites that must be satisfied for this to work properly:
- Docker version 1.7 or later is installed.
- The Amazon ECR authorization token has been configured with docker login.
- The Amazon ECR repository exists and the user has access to push to the repository.
After those prerequisites are met, you can push your image to your newly created repository in the default registry for your account.
Tag the image to push to your registry, which is sonarqube:8.9.2-enterprise in this case:
docker tag sonarqube:8.9.2-enterprise [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise
Push the image:
docker push [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise
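The authenticate, tag and push steps above can be combined into one script that validates the account ID, region and image tag before building the registry hostname. This is an added example, not code from the original post; it goes slightly beyond the steps shown by adding input checks. The function names are hypothetical and 123456789012 is a constructed placeholder account ID.

```shell
# Added example: login, tag and push to Amazon ECR with validated inputs.
# Function names are hypothetical; sample values are constructed.

# Print the private registry host for an account ID and region, or fail.
ecr_registry() {
  local account="$1" region="$2"
  # AWS account IDs are exactly 12 digits.
  case "$account" in
    *[!0-9]*|'') echo "invalid account id: $account" >&2; return 1 ;;
  esac
  [ "${#account}" -eq 12 ] || { echo "invalid account id: $account" >&2; return 1; }
  # Allow only lowercase letters, digits and inner hyphens (e.g. us-east-1),
  # so a bad value cannot change which host docker logs in to.
  case "$region" in
    *[!a-z0-9-]*|''|-*|*-) echo "invalid region: $region" >&2; return 1 ;;
  esac
  printf '%s.dkr.ecr.%s.amazonaws.com\n' "$account" "$region"
}

# Print the full ECR reference for a local image such as sonarqube:8.9.2-enterprise.
ecr_image_ref() {
  local registry image="$3"
  registry="$(ecr_registry "$1" "$2")" || return 1
  # Require an explicit tag so the push never silently targets "latest".
  case "$image" in
    *:*) ;;
    *) echo "image must include a tag: $image" >&2; return 1 ;;
  esac
  printf '%s/%s\n' "$registry" "$image"
}

# Login, tag and push. Needs aws and docker on PATH and configured AWS credentials.
ecr_push() {
  local account="$1" region="$2" image="$3" registry target
  registry="$(ecr_registry "$account" "$region")" || return 1
  target="$(ecr_image_ref "$account" "$region" "$image")" || return 1
  # The token goes to docker over stdin, so it is not passed as a command-line argument.
  aws ecr get-login-password --region "$region" |
    docker login --username AWS --password-stdin "$registry" || return 1
  docker tag "$image" "$target" && docker push "$target"
}

# Runs only when the script is given three arguments, e.g.:
#   ./ecr_push.sh 123456789012 us-east-1 sonarqube:8.9.2-enterprise
if [ "$#" -eq 3 ]; then ecr_push "$@"; fi
```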
Pull an image from Amazon ECR
After your image has been pushed to your Amazon ECR repository, you can pull it from other locations. Use the docker CLI to pull images, but there are a few prerequisites that must be satisfied for this to work properly:
- Docker version 1.7 or later is installed.
- The Amazon ECR authorization token has been configured with docker login.
- The Amazon ECR repository exists and the user has access to pull from the repository.
After those prerequisites are met, you can pull your image. To pull your example image from Amazon ECR, run the following command:
docker pull [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise