Amazon ECR

Amazon ECR

Shyju Krishnan's photo
Shyju Krishnan
·Sep 21, 2022·

4 min read

Subscribe to our newsletter and never miss any upcoming articles

Table of contents

  • What is Amazon ECR (Elastic Container Registry)?
  • Components of ECR
  • Features of ECR
  • How to push the image in ECR
  • How to push the image in ECR
  • Community and Social Footprints :

What is Amazon ECR (Elastic Container Registry)?

Amazon ECR is a managed container image registry service that is secure, scalable, and reliable. ECR supports public and private repositories and resource-based permissions using IAM, so the specified users or EC2 instances can access your container repositories and images. You can use your preferred CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI-compatible artifacts.

Components of ECR

- Registry: ECR registry is provided to each AWS account, you can create one or more repositories in your registry and store images.

- Authorization token: Authenticate to ECR registries as an AWS user before it can push and pull images

- Repository: ECR repository contains your Docker images, Open Container Initiative (OCI) images, and OCI-compatible artifacts.

- Repository policy: With repository policy, you can control access to your repositories and the images within them with repository policies.

- Images: You can push and pull container images to your repositories. You can use these images locally on your development system, or you can use them in ECS task definitions and EKS pod specifications.

Features of ECR

  1. Lifecycle policies help with managing the lifecycle of the images in your repositories. You define rules that result in the cleaning up of unused images. You can test rules before applying them to your repository.

  2. Image scanning helps in identifying software vulnerabilities in your container images. Each repository can be configured to scan on push. This ensures that each new image pushed to the repository is scanned. You can then retrieve the results of the image scan.

  3. Cross-Region and cross-account replication make it easier for you to have your images where you need them. This is configured as a registry setting and is on a per-Region basis.

  4. Pull through cache rules provide a way to cache repositories in remote public registries in your private ECR registry. Using a pull through cache rule, Amazon ECR will periodically reach out to the remote registry to ensure the cached image in your Amazon ECR private registry is up to date.

How to push the image in ECR

In this article we configure everything through the command line this will help you whenever you want to integrate into other CI/CD tools or do the integration programmatically

Connect the AWS account to CLI

Install the AWS CLI

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Configure basic settings

Run the aws configure to configure the basic settings and enable the connection between the location computer to AWS cloud

Key ID and access key you will get from under IAM

image.png

$ aws configure
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: 
Default output format [None]:

Once the connection is ready we can create the repository first

aws ecr create-repository --repository-name  <repo Name> --image-scanning-configuration scanOnPush=true --region <region>

Example:

root@MASTER:~# aws ecr create-repository --repository-name cnl  --image-scanning-configuration scanOnPush=true --region us-east-1
{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-1:389837147847:repository/cnl",
        "registryId": "389837147847",
        "repositoryName": "cnl",
        "repositoryUri": "389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl",
        "createdAt": "2022-09-21T16:57:57+05:30",
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": true
        },
        "encryptionConfiguration": {
            "encryptionType": "AES256"
        }
    }
}
root@MASTER:~#

How to check the repository details

root@MASTER:~# aws ecr describe-repositories
{
    "repositories": [
        {
            "repositoryArn": "arn:aws:ecr:us-east-1:389837147847:repository/cnl",
            "registryId": "389837147847",
            "repositoryName": "cnl",
            "repositoryUri": "389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl",
            "createdAt": "2022-09-21T16:57:57+05:30",
            "imageTagMutability": "MUTABLE",
            "imageScanningConfiguration": {
                "scanOnPush": true
            },
            "encryptionConfiguration": {
                "encryptionType": "AES256"
            }
        }
    ]
}

Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:

$ aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <<repo uri>>
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl

How to push the image in ECR

First, we need to create the Docker image then the same images we can push to ECR

Docker image creation you can refer to this git link

After creating the Docker image run the below command for tagging the image

$ docker tag <image name > <repo URL>

 docker tag cnl 389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl

Push the image to ECR

$ docker push < Image ID>

root@MASTER:~# docker push 389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl
Using default tag: latest
The push refers to repository [389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl]
7b86011f85c2: Pushed
6f0675f39208: Pushed
05a08104fe16: Pushed
7f5cbd8cc787: Pushed
latest: digest: sha256:6bc7509a2574b0b65daed90ea976cb0ae7427790e43d68bad428b5b4d419eb54 size: 1160

How to verify the image

root@MASTER:~# aws ecr describe-images --repository-name cnl
{
    "imageDetails": [
        {
            "registryId": "389837147847",
            "repositoryName": "cnl",
            "imageDigest": "sha256:6bc7509a2574b0b65daed90ea976cb0ae7427790e43d68bad428b5b4d419eb54",
            "imageTags": [
                "latest"
            ],
            "imageSizeInBytes": 79981290,
            "imagePushedAt": "2022-09-21T17:41:11+05:30",
            "imageScanStatus": {
                "status": "COMPLETE",
                "description": "The scan was completed successfully."
            },
            "imageScanFindingsSummary": {
                "imageScanCompletedAt": "2022-09-21T17:41:19+05:30",
                "vulnerabilitySourceUpdatedAt": "2022-09-21T12:13:11+05:30",
                "findingSeverityCounts": {
                    "MEDIUM": 4,
                    "INFORMATIONAL": 4,
                    "LOW": 11
                }
            },
            "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "artifactMediaType": "application/vnd.docker.container.image.v1+json"
        }
    ]
}

How to delete the repository

root@MASTER:~# aws ecr delete-repository --repository-name cnl --force
{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-1:389837147847:repository/cnl",
        "registryId": "389837147847",
        "repositoryName": "cnl",
        "repositoryUri": "389837147847.dkr.ecr.us-east-1.amazonaws.com/cnl",
        "createdAt": "2022-09-21T16:57:57+05:30",
        "imageTagMutability": "MUTABLE"
    }
}

Hope you got an idea of how to create ECR and how to push the image to the ECR Registry

Thank you!

Community and Social Footprints :

Did you find this article valuable?

Support Cloudnloud Tech Community by becoming a sponsor. Any amount is appreciated!

Learn more about Hashnode Sponsors
 
Share this