🚨 AWS 128: Setting Up Amazon ECR and Pushing Docker Images
#aws#docker#ecr#100daysofcloud
Hritik Raj

Hritik Raj @hritikraj8804

About: Pre-final yr Student | Open Source Developer | DevOps

Location:
Bihar, India
Joined:
Oct 31, 2023

🚨 AWS 128: Setting Up Amazon ECR and Pushing Docker Images

Publish Date: Jan 8
0 0

AWS

📉 Proactive Monitoring: Catching CPU Spikes Before They Cause Downtime

Hey Cloud Builders 👋

Welcome to Day 28 of the #100DaysOfCloud Challenge!
Today, we are diving into the world of containers. The Nautilus team needs a secure, private place to store their application images. We are setting up an Amazon Elastic Container Registry (ECR), building a custom Python app image, and pushing it to the cloud!

This task is part of my hands-on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real-world DevOps scenarios.

🎯 Objective

  • Create a private Amazon ECR repository named devops-ecr.
  • Build a Docker image from a Dockerfile located in /root/pyapp.
  • Authenticate the local Docker client with the AWS ECR registry.
  • Tag and push the image to the new repository with the latest tag.

💡 Why Monitoring is Non-Negotiable

Just as we monitor our servers, we must secure our code artifacts. Using a private registry ensures your application code isn't exposed to the public.

🔹 Key Concepts

  • Amazon ECR (Elastic Container Registry) A fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

  • Authentication Tokens Docker doesn't naturally know how to "talk" to AWS. We use the AWS CLI to generate a temporary 12-hour password that allows Docker to log in to our private registry.

  • Image Tagging To push an image to ECR, it must be "addressed" correctly. The tag must include your AWS Account ID and the specific Region where your registry lives.

🛠️ Step-by-Step: The Monitoring Workflow

We’ll move logically from Registry Creation → Image Building → Cloud Push.

🔹 Phase A: Create the ECR Repository

  • Create Registry: Use the AWS CLI or Console to provision your private repository.
  • Name: devops-ecr.
  • The "Secret Sauce": Note down the Repository URI. It will look something like <account_id>.dkr.ecr.<region>.amazonaws.com/devops-ecr.

Run this command to create the repository where your images will be stored:

aws ecr create-repository --repository-name devops-ecr --region us-east-1
Enter fullscreen mode Exit fullscreen mode

⚠️ Lesson Learned: ECR is region-specific! Ensure your CLI is configured to the same region where you created your repository.

🔹 Phase B: Build and Authenticate

  • Navigate to App Directory: Go to /root/pyapp where your Dockerfile resides.

  • Build the Image: Run docker build -t pyapp . to create your local image.

  • Retrieve Login Password: Use the following command to pipe your AWS credentials into Docker: 
  aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<your-region>.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

🔹 Phase C: Tag and Push to Cloud

  • Tag for ECR: Docker needs to know exactly which registry this image belongs to. 
docker tag pyapp:latest <account_id>.dkr.ecr.<region>[.amazonaws.com/devops-ecr:latest](https://.amazonaws.com/devops-ecr:latest)
Enter fullscreen mode Exit fullscreen mode
  • Push the Image: Send your image to the AWS cloud. 
docker push <account_id>.dkr.ecr.<region>[.amazonaws.com/devops-ecr:latest](https://.amazonaws.com/devops-ecr:latest)
Enter fullscreen mode Exit fullscreen mode

✅ Verify Success

  • Check the Dashboard: Navigate to the ECR console, click on devops-ecr, and verify that an image with the tag latest is present.

  • Test the Flow: Try pulling the image on a different machine (after authenticating) to ensure it is stored correctly and ready for deployment.

📝 Key Takeaways

  • 🚀 Identification: ECR URIs are long and specific. Always copy/paste them directly from the console to avoid typos.
  • 🕒 Login Expiry: Remember that your docker login session expires every 12 hours for security reasons.
  • 📣 Closed Loop: Once your image is in ECR, you can easily deploy it to ECS, EKS, or Lambda.

🚫 Common Mistakes

  • Incorrect Region: Trying to push to a URI in us-east-1 when your repository was created in us-west-2.
  • IAM Permissions: If you get "Access Denied," ensure your IAM user has the AmazonEC2ContainerRegistryFullAccess policy.
  • Missing Tag: Forgetting to tag the local image with the full ECR URI before pushing.

🌟 Final Thoughts

You’ve just built a secure storage system for your application's "DNA." This ECR repository is now the single source of truth for your deployments. Next, we can look at automating this with a CI/CD pipeline!

🌟 Practice Like a Pro

If you want to try these tasks yourself in a real AWS environment, check out:
👉 KodeKloud Engineer - Practice Labs

It’s where I’ve been sharpening my skills daily!

🔗 Let’s Connect

Comments 0 total

    Add comment