DEV Community

Hyelngtil Isaac

Posted on • Originally published at hyelngtil.awstech

Deploy an App Across Accounts

Introducing Today's Project!

Here, I am going to build a Docker container image and an Amazon ECR (Elastic Container Registry) repository to store the image securely.

What is Amazon ECR?
Amazon ECR is AWSʼs managed container registry for storing and sharing Docker images. In todayʼs project, we used it to push our app image and let our buddy pull and run it from their account.

My buddy was in 'us-east-1' and I was in 'af-south-1', so he couldn't authenticate to my ECR because ECR authentication is region specific. I resolved it by creating a matching repository in 'us-east-1'.

This project took us about an hour and a half.


Creating a Docker Image

I set up a Dockerfile and an index.html in my local environment. Both files are needed because the Dockerfile defines how to build my custom container, and index.html provides the web content it serves.

My Dockerfile tells Docker how to build my image and to use the index.html file I created as the web page that will be served.

I also set up an ECR repository.
ECR stands for Elastic Container Registry. It is important because it makes it easy for one to store, manage, and deploy their container images.


Set Up AWS CLI Access

AWS CLI can let me run ECR commands
AWS CLI is a terminal tool to manage AWS services. The CLI asked for my credentials because browser logins arenʼt shared, so it needs its own access keys to authenticate.

To enable CLI access, I set up a new IAM user with AmazonEC2ContainerRegistryFullAccess permission. I also set up an access key for this user, which means the CLI can authenticate to AWS.

To pass my credentials to the AWS CLI, I ran the command 'aws configure'. I had to provide my Access Key ID, Secret Access Key, the AWS region code for my repository, and optionally an output format.


Pushing My Image to ECR

Push commands in Amazon ECR (Elastic Container Registry) are the specific Docker commands you run to upload — or “push” — your container image from your local machine into an ECR repository in AWS.

There are three main push commands.
To authenticate Docker with my ECR repo, I used the command 'aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com'.

To push my container image, I ran the command 'docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/maven-cross-account-docker-app:latest'. Pushing means uploading my local image to Amazon ECR for others to pull.

When I built my image, I tagged it with the label latest. This means itʼs marked as the most current version, so anyone pulling latest will always get my newest build.


Resolving Permission Issues
When I first pulled my buddyʼs image, I got a 403 Forbidden error because their ECR repo is private and my AWS account didnʼt yet have permission. They had to update the repo policy to allow access.

To resolve each otherʼs pull errors, we updated our ECR repo policies to add each otherʼs IAM ARNs with permissions to pull images, enabling cross-account access to our private repositories.
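
As an added example (not code from the original post), here is a Python sketch of the kind of repository policy described above: pull-only and scoped to a named IAM ARN, with a check that flags wildcard principals or non-pull actions before the policy is applied. The account ID, user name and function names are constructed for illustration.

```python
import json

# The three actions a principal needs to pull images from a private ECR repository.
PULL_ACTIONS = {
    "ecr:BatchCheckLayerAvailability",
    "ecr:BatchGetImage",
    "ecr:GetDownloadUrlForLayer",
}

def build_pull_policy(principal_arns):
    """Build a repository policy that lets only the listed IAM ARNs pull."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCrossAccountPull",
            "Effect": "Allow",
            "Principal": {"AWS": sorted(principal_arns)},
            "Action": sorted(PULL_ACTIONS),
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, trusted_accounts):
    """Return findings for Allow statements wider than pull-only for trusted accounts."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "(no Sid)")
        principal = stmt.get("Principal", {})
        arns = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        for arn in arns:
            # IAM ARN layout: arn:aws:iam::<account-id>:user/<name>; a bare account ID is also valid.
            parts = arn.split(":")
            account = parts[4] if len(parts) > 4 else arn
            if account not in trusted_accounts:
                findings.append(f"{sid}: untrusted principal {arn}")
        for action in _as_list(stmt.get("Action", [])):
            if action not in PULL_ACTIONS:
                findings.append(f"{sid}: non-pull action {action}")
    return findings

if __name__ == "__main__":
    # Constructed sample: 111122223333 stands in for the buddy's account ID.
    policy = build_pull_policy(["arn:aws:iam::111122223333:user/buddy"])
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, {"111122223333"}))
```

The printed JSON is what gets attached to the repository, for example with 'aws ecr set-repository-policy' and its --policy-text option.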


🤝 In the next project, I'm going to start a 7-day DevOps series.

