DEV Community

Cover image for 🚨 AWS 128: Setting Up Amazon ECR and Pushing Docker Images
Hritik Raj
Hritik Raj

Posted on

🚨 AWS 128: Setting Up Amazon ECR and Pushing Docker Images

#aws #docker #ecr #100daysofcloud

AWS

πŸ“‰ Proactive Monitoring: Catching CPU Spikes Before They Cause Downtime

Hey Cloud Builders πŸ‘‹

Welcome to Day 28 of the #100DaysOfCloud Challenge!
Today, we are diving into the world of containers. The Nautilus team needs a secure, private place to store their application images. We are setting up an Amazon Elastic Container Registry (ECR), building a custom Python app image, and pushing it to the cloud!

This task is part of my hands-on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real-world DevOps scenarios.

🎯 Objective

  • Create a private Amazon ECR repository named devops-ecr.
  • Build a Docker image from a Dockerfile located in /root/pyapp.
  • Authenticate the local Docker client with the AWS ECR registry.
  • Tag and push the image to the new repository with the latest tag.

πŸ’‘ Why Monitoring is Non-Negotiable

Just as we monitor our servers, we must secure our code artifacts. Using a private registry ensures your application code isn't exposed to the public.

πŸ”Ή Key Concepts

  • Amazon ECR (Elastic Container Registry) A fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

  • Authentication Tokens Docker doesn't naturally know how to "talk" to AWS. We use the AWS CLI to generate a temporary 12-hour password that allows Docker to log in to our private registry.

  • Image Tagging To push an image to ECR, it must be "addressed" correctly. The tag must include your AWS Account ID and the specific Region where your registry lives.

πŸ› οΈ Step-by-Step: The Monitoring Workflow

We’ll move logically from Registry Creation β†’ Image Building β†’ Cloud Push.

πŸ”Ή Phase A: Create the ECR Repository

  • Create Registry: Use the AWS CLI or Console to provision your private repository.
  • Name: devops-ecr.
  • The "Secret Sauce": Note down the Repository URI. It will look something like <account_id>.dkr.ecr.<region>.amazonaws.com/devops-ecr.

Run this command to create the repository where your images will be stored:

aws ecr create-repository --repository-name devops-ecr --region us-east-1
Enter fullscreen mode Exit fullscreen mode

⚠️ Lesson Learned: ECR is region-specific! Ensure your CLI is configured to the same region where you created your repository.

πŸ”Ή Phase B: Build and Authenticate

  • Navigate to App Directory: Go to /root/pyapp where your Dockerfile resides.

  • Build the Image: Run docker build -t pyapp . to create your local image.

  • Retrieve Login Password: Use the following command to pipe your AWS credentials into Docker: 
  aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<your-region>.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Phase C: Tag and Push to Cloud

  • Tag for ECR: Docker needs to know exactly which registry this image belongs to. 
docker tag pyapp:latest <account_id>.dkr.ecr.<region>[.amazonaws.com/devops-ecr:latest](https://.amazonaws.com/devops-ecr:latest)
Enter fullscreen mode Exit fullscreen mode
  • Push the Image: Send your image to the AWS cloud. 
docker push <account_id>.dkr.ecr.<region>[.amazonaws.com/devops-ecr:latest](https://.amazonaws.com/devops-ecr:latest)
Enter fullscreen mode Exit fullscreen mode

βœ… Verify Success

  • Check the Dashboard: Navigate to the ECR console, click on devops-ecr, and verify that an image with the tag latest is present.

  • Test the Flow: Try pulling the image on a different machine (after authenticating) to ensure it is stored correctly and ready for deployment.

πŸ“ Key Takeaways

  • πŸš€ Identification: ECR URIs are long and specific. Always copy/paste them directly from the console to avoid typos.
  • πŸ•’ Login Expiry: Remember that your docker login session expires every 12 hours for security reasons.
  • πŸ“£ Closed Loop: Once your image is in ECR, you can easily deploy it to ECS, EKS, or Lambda.

🚫 Common Mistakes

  • Incorrect Region: Trying to push to a URI in us-east-1 when your repository was created in us-west-2.
  • IAM Permissions: If you get "Access Denied," ensure your IAM user has the AmazonEC2ContainerRegistryFullAccess policy.
  • Missing Tag: Forgetting to tag the local image with the full ECR URI before pushing.

🌟 Final Thoughts

You’ve just built a secure storage system for your application's "DNA." This ECR repository is now the single source of truth for your deployments. Next, we can look at automating this with a CI/CD pipeline!

🌟 Practice Like a Pro

If you want to try these tasks yourself in a real AWS environment, check out:
πŸ‘‰ KodeKloud Engineer - Practice Labs

It’s where I’ve been sharpening my skills daily!

πŸ”— Let’s Connect

Top comments (0)