Publishing Docker Image in AWS ECR

alam
4 min read · Jan 3, 2023

Elastic Container Registry (ECR) is a container image registry service within AWS, similar to Docker Hub. Like Docker Hub, it supports both private and public registries. For many reasons, we may want to store our Docker images in AWS ECR. Here we will learn how to publish a Docker image to AWS ECR.

Prerequisites

As we are thinking of publishing a docker image in AWS Elastic Container Registry, it’s safe to assume that we have the below pre-requisites already in place:

  • AWS CLI installed on system -> [AWS]
  • Docker Image -> [Freecodecamp]
  • AWS IAM Permissions

# Necessary IAM permissions to publish an image in ECR
"ecr:CompleteLayerUpload"
"ecr:GetAuthorizationToken"
"ecr:UploadLayerPart"
"ecr:InitiateLayerUpload"
"ecr:BatchCheckLayerAvailability"
"ecr:PutImage"
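
The six permissions above as a least-privilege policy document, added here as an example (it is not part of the original post). The helper name ecr_push_policy is hypothetical and the standard "aws" partition is assumed; ecr:GetAuthorizationToken cannot be scoped to a resource, so it gets its own statement with Resource "*", while the upload actions are limited to a single repository ARN.

```shell
#!/bin/sh
# Added example: emit an IAM policy that allows pushing to ONE ECR repository.
# ecr_push_policy is a hypothetical helper; the actions are the six listed above.
# Assumes the standard "aws" partition.
ecr_push_policy() {
    account="$1" region="$2" repo="$3"
    # Reject anything that is not a 12-digit account ID, so a typo cannot
    # silently produce a policy for the wrong account.
    case "$account" in
        *[!0-9]*|"") echo "invalid account id: $account" >&2; return 1 ;;
    esac
    [ "${#account}" -eq 12 ] || { echo "invalid account id: $account" >&2; return 1; }
    [ -n "$region" ] && [ -n "$repo" ] || { echo "region and repo required" >&2; return 1; }
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetAuthToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToOneRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "arn:aws:ecr:${region}:${account}:repository/${repo}"
    }
  ]
}
EOF
}
```

Redirect the output to a file (for example `ecr_push_policy 012345678912 us-west-2 myimage > policy.json`) and attach it to the role or user that performs the push.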

Once we have met the prerequisites, we can proceed, but before that, it is good to know a few concepts around today’s discussion.

Registry

A registry is a storage and content delivery system for docker images. The registry holds the repositories.

Repository

A repository holds all the versions of the same image.

To understand these concepts, let us take an example of the docker image for the httpd application.

Here, Docker Hub is the registry, httpd is a repository and the latest & bullseye are the images.

Let us now return to our original topic — publishing images in AWS ECR — with the assumption that we already have an image called myimage.

me@mycomp % docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
myimage latest bb794e2b08fe 37 minutes ago 56.7MB

We can publish it to the ECR in the following steps:

1. Log in to the AWS ECR through CLI

We can log in to the AWS ECR using the below command.

# change the AWS region and account ID to match your registry
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 012345678912.dkr.ecr.us-west-2.amazonaws.com

2. Creating a repository in the ECR

Once we are authenticated, the first thing we need to do is create a repository in the ECR. We can choose a purposeful name (generally, the image name) for the repository. In our case, we have chosen the name myimage, in line with the name of our Docker image.

# the repository name should be the image name
aws ecr create-repository \
  --repository-name myimage \
  --image-tag-mutability IMMUTABLE

We can verify if the repo has been created successfully using the below command.

me@mycomp % aws ecr describe-repositories --repository-names myimage
{
    "repositories": [
        {
            "repositoryArn": "arn:aws:ecr:us-west-2:012345678912:repository/myimage",
            "registryId": "012345678912",
            "repositoryName": "myimage",
            "repositoryUri": "012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage",
            "rest": ["truncated"]
        }
    ]
}

3. Tagging the image

To push an image to a private registry rather than the central Docker registry, you must tag it with the registry hostname, port (if necessary), and repository. Let’s tag the image with the below information:

  • Registry — 012345678912.dkr.ecr.us-west-2.amazonaws.com
  • Repository — myimage
  • Image Tag (optional) — latest

# replace image-id, account-id, region, ecr-repo-name and tag according to your need
# bb794e2b08fe is the image id
docker tag bb794e2b08fe \
  012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage:latest

Tagging an image just creates an alias for an image. Let’s verify it using the docker image ls command.

me@mycomp % docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage latest bb794e2b08fe 33 minutes ago 56.7MB
myimage latest bb794e2b08fe 37 minutes ago 56.7MB

Here, we can see two entries with the same image ID bb794e2b08fe: myimage and 012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage.

4. Push the image to the repository

We can now push the image 012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage to the ECR.

me@mycomp % docker push 012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage:latest
The push refers to repository [012345678912.dkr.ecr.us-west-2.amazonaws.com/myimage]
e9306b14c0d6: Pushed
latest: digest: sha256:1161b380dac994a15caa96ac2354e7b4cd6d65c651a56fd778f0ad707ce3893f size: 529

When the image is pushed successfully, we get an "<id>: Pushed" message, as in the output above.

5. Verify the Image in the ECR

We can verify the image in ECR using the aws ecr describe-images command. It returns information about the image, including the image digest, tags, size and push time. At this stage, we are done pushing our Docker image to the ECR.

me@mycomp % aws ecr describe-images --repository-name myimage --profile 012345678912
{
    "imageDetails": [
        {
            "registryId": "012345678912",
            "repositoryName": "myimage",
            "imageDigest": "sha256:1161b380dac994a15caa96ac2354e7b4cd6d65c651a56fd778f0ad707ce3893f",
            "imageTags": [
                "latest"
            ],
            "imageSizeInBytes": 23735881,
            "imagePushedAt": "",
            "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "artifactMediaType": "application/vnd.docker.container.image.v1+json"
        }
    ]
}
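
The five steps above combined into one script, as an added example that is not part of the original post; the function names are hypothetical. It goes slightly beyond the walkthrough: the registry host, repository and tag are all derived from the same inputs so they cannot drift apart between commands, the repository is created only if missing, and step 5 compares the digest stored in ECR with the one Docker recorded for the push.

```shell
#!/bin/sh
# Added example: steps 1-5 in one script. Function names are hypothetical.
# Steps 2 and 5 also call ecr:CreateRepository, ecr:DescribeRepositories and
# ecr:DescribeImages, which are not in the push-only permission list above.

# Print the registry hostname for an account and region; reject malformed input.
ecr_registry() {
    case "$1" in *[!0-9]*|"") return 1 ;; esac
    [ "${#1}" -eq 12 ] || return 1
    case "$2" in *[!a-z0-9-]*|"") return 1 ;; esac
    printf '%s.dkr.ecr.%s.amazonaws.com\n' "$1" "$2"
}

# Print the full image reference: registry/repository:tag (tag defaults to latest).
ecr_image_ref() {
    reg=$(ecr_registry "$1" "$2") || return 1
    case "$3" in *[!a-z0-9_./-]*|"") return 1 ;; esac
    printf '%s/%s:%s\n' "$reg" "$3" "${4:-latest}"
}

# Usage: publish_image ACCOUNT REGION REPO LOCAL_IMAGE [TAG]
publish_image() {
    account=$1 region=$2 repo=$3 local_image=$4 tag=${5:-latest}
    registry=$(ecr_registry "$account" "$region") || { echo "bad account/region" >&2; return 1; }
    ref=$(ecr_image_ref "$account" "$region" "$repo" "$tag") || { echo "bad repository name" >&2; return 1; }
    # 1. Log in; the password travels over stdin, never on the command line.
    aws ecr get-login-password --region "$region" |
        docker login --username AWS --password-stdin "$registry" || return 1
    # 2. Create the repository only if it does not exist yet.
    aws ecr describe-repositories --region "$region" --repository-names "$repo" >/dev/null 2>&1 ||
        aws ecr create-repository --region "$region" --repository-name "$repo" \
            --image-tag-mutability IMMUTABLE || return 1
    # 3. Tag the local image, then 4. push it.
    docker tag "$local_image" "$ref" && docker push "$ref" || return 1
    # 5. Compare the digest ECR stored with the one Docker recorded for the push.
    remote=$(aws ecr describe-images --region "$region" --repository-name "$repo" \
        --image-ids imageTag="$tag" --query 'imageDetails[0].imageDigest' --output text) || return 1
    local_digest=$(docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$ref" |
        grep -F "$registry/$repo@" | cut -d@ -f2)
    [ "$remote" = "$local_digest" ] || { echo "digest mismatch" >&2; return 1; }
    echo "published $registry/$repo@$remote"
}
```

Because the repository is created with IMMUTABLE tag mutability, ECR rejects a later push of a different image under an existing tag such as latest, so pass a unique tag as the fifth argument for each new build.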
