Building and pushing a docker image to Amazon ECR
In this article, I am going to walk you through creating a custom docker image and then pushing that image to a private repository. In our case, its Amazon ECR.
I will be creating this image and pushing it to ECR from an EC2 instance using Ubuntu 18.04 AMI.
Your instance needs to have permission to authenticate and push the image to the ECR repository. You can attach a role to the EC2 instance which has the “AmazonEC2ContainerRegistryFullAccess” attached.
For creating the repo, click on create repository under the private tab.
- Keep visibility settings as private, add the repository name, in my case it is “ecr-node-image”.
2. Under Image scan settings, enable Scan on Push and then Click on Create repository.
This will successfully create your ECR repository. Now, if you have docker installed you can skip this step,
$ sudo apt-get update
$ sudo apt install docker.io -y
These commands will install docker on your ubuntu machine. To verify your installation and to find the docker version, run the following command -
$ docker -v
Output
Docker version 20.10.2, build 20.10.2-0ubuntu1~18.04.2
Now, for creating the image,
1. Create a directory and navigate into that directory.
2. Create an empty file by the name “Dockerfile” without any extension.
$ mkdir ecr-node-image$ cd ecr-node-image/$ touch Dockerfile$ ls
Output
Dockerfile
3. Open that file in any editor of your choice and paste this docker file content given below into the Dockerfile you created. In this example, we are installing node js on top of ubuntu base image. Instead of directly installing node which will be of a specific version, we are setting up nvm (node version manager) using which we can get access to any node version of our choice. Just modify the version that you require in the Dockerfile in the ENV NODE_VERSION.
4. Now, we are ready to build the image, before starting the build, run this command, this lists down all the images available. Currently, we don’t have any.
$ sudo docker images
5. To start the build of the docker image run this command -
sudo docker build -t nvm-image .
6. This will start creation of the image and in a couple of minutes we should be done. The above command builds the docker image with the tag nvm-image:latest.
7. After the build completes, we can see the node, npm and the nvm version used. node version is the one that we specified in the Dockerfile.
8. Lets list the docker images. We have a new docker image created with the latest tag.
$ sudo docker images
9. Now to push the image on ECR or any other private repository offered by other cloud providers. First, we need to authenticate our docker client with the ecr repo to push the image. Run this command for the same,
$ aws ecr get-login-password --region repo_region | docker login --username AWS --password-stdin acct_ecr_domain
Here acct_ecr_domain is the url that starts with your AWS Account ID.
For example - account_id.dkr.ecr.region.amazonaws.com
You can get this command from the AWS ECR Console by clicking on View push commands in the repository -
Copy the first command and run it on you CLI.
If you get the message Login Succeeded, you are good to go with the authentication. If you get any error “permission denied” as shown in the image below -
Run this command and it should solve it for you.
sudo chmod 666 /var/run/docker.sock
After that re-run the authentication command and you should get the message “Login Succeeded”. If you still face some issues, you can check whether your instance has the necessary permissions to authenticate itself with the ECR repo.
10. Now, before pushing the image we have to tag our image with the ecr repo url. So, we run the 3rd command under the “View push commands section” which assigns a new tag to our image. You can see the new tag when you list all the docker images.
$ sudo docker tag nvm-image:latest \
acct_ecr_domain/ecr-node-image:latest
11. Now for the final step, lets push the image in our repo, run the 4th command under the “View push commands section”.
$ sudo docker push acct_ecr_domain/ecr-node-image:latest
After the process completes, you can go and check for the image in the ECR console in your repository.
And that’s it. Thanks for reading through this article ! :)