Amazon Elastic Container Registry (ECR), is a fully managed container registry service offered by Amazon Web Services (AWS).
ECR provides a secure and scalable solution for storing, managing, and deploying Docker images, making it an indispensable tool for teams and organizations embracing containerization.
In this guide, we will explore the process of using it for publishing Docker images.
Whether you’re a seasoned Docker user or just starting your containerization journey, this article will equip you with the knowledge and practical insights needed to leverage ECR effectively and securely.
Intro to the usage of ECR
ECR supports private and public repositories where we can publish and use our docker images on containers.
But here in this article, I’m going to use ECR private repository which we have to manage access using IAM and repository policy management for secure docker image storage.
Basically, the docker images published on a private repository will be pulled from ECS services that we are going to deploy using AWS ECS deployment in this article series.
We will discuss the necessary IAM role and permission setup in order to access the ECR registry from Amazon ECS in this article.
Create a Private Repository on Amazon ECR
First, we should create a private repository where we can publish the docker images for our API application.
Navigate to the Create repository from the ECR dashboard.
Also, there are optional configurations that will allow the following aspects on AWS. Feel free to enable these configurations, but I’m going only with default configurations in private visibility.
- Scan on push – Enable scan on push to have each image automatically scanned after being pushed to a repository. If disabled, each image scan must be manually started to get scan results.
- KMS encryption – You can use AWS Key Management Service (KMS) to encrypt images stored in this repository, instead of using the default encryption settings.
Application Source Code
We have developed a simple spring boot REST API with MySQL database for this tutorial.
You can clone it from our GitHub repository or else feel free to use your own application source code, which you have access.
Building Docker Image And Publish To ECR Repository
AWS dashboard makes your life easier by dynamically generating all the necessary commands to log in with the docker registry and build and publish the created docker images to the registry.
If you are not experienced in Dockerizing spring boot applications, refer to this article on How to Dockerize Spring Boot Application.
We can find those commands inside the registry page, by pressing the view push commands button.
Sample push commands for the repository we created on our AWS account.
Use your own command set from your dashboard and push your docker images to the repository securely.
Building Docker Images With Apple Silicon
Issue: I’ve run into the issue more than once with Docker images that were built on my M1 that wouldn’t run when deployed to a remote environment. Specifically, I got the error:
standard_init_linux.go:219: exec user process caused: exec format error
Solution: Build a linux/amd64 image on M1
docker buildx build --platform linux/amd64 -t aws-ecs-fargate-spring-boot-application .
Now we have a docker image published on the ECR docker registry in the AWS dashboard. We can simply copy the image URI and use it where we needs to deploy.
We have done with building and publishing docker images on AWS ECR private repositories for the spring boot deployment on AWS ECS fargate.
Now we can focus on configuring the Amazon RDS database on a private subnet to use with the spring boot application that we are going to deploy.