Docker, ECR, Elastic Beanstalk, & Terraform
An update from this post to use Amazon’s Elastic Container Registry (ECR) to run your own images on Elastic Beanstalk (ELB).
The additions I made here allow you to access an ECR image from inside your ELB image and provide SSL to the ELB load balancer.
Elastic Container Registry (ECR)
This is a pretty straightforward piece of Terraform code that creates an AWS ECR repository. The local.common_name will come later in this post.
Dockerfile
This example builds a Golang application, but you can do whatever you want here.
Build and push image to ECR
The following code will build and push your docker image to ECR. Note to replace REGION , ECR_URL , and ECR_NAME with your own values.
Dockerrun.aws.json
Elastic beanstalk traditionally runs from a .zip file placed in an S3 bucket. However, it can simply run from a Dockerrun.aws.json file placed in S3. This file will tell ELB how to pull and run your ACR image. I’m going to manage this in Terraform. So we’ll start by creating a template
and the an S3 bucket and an object that contains the templated file
This will template our ECR url into the Dockerrun.aws.json file and allow any changes to our ECR url to be propagated to the aws_s3_object .
Permissions
The key to this whole post is that your containers are able to access and pull the docker image from ECR.
Elastic beanstalk application
This is familiar from Gaston’s post. First we create an ELB application, a version, and finally an environment. The version uses the file from S3 we created earlier. It is very important that the version_label is set on the elastic beanstalk environment or the application will not know what version to use.
Route 53 and Certificates
This will forward traffic from your domain to the ELB load balancer and also provide an SSL certificate to encrypt the requests. Note that the certificate needs to be created in us-east-1 . So if you’re other infrastructure is in a different region, you will need a module to create the certificate.
Variables.tf
This post assumes that you have already created your VPC and subnets
Sorry for the brevity of this post. This took me a while to figure out from the existing literature out there and I hope it helps you out too
