ECR using AWS CLI with docker


Amazon Elastic Container Registry (ECR) is the AWS counterpart to Docker Hub: a managed registry for container images.

Cloud9

Create a Cloud9 instance for this example.

Install or update the AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Run:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Check AWS CLI version

Run:

aws --version

Output:

aws-cli/2.9.19 Python/3.9.11 Linux/5.4.0-1094-aws exe/x86_64.ubuntu.18 prompt/off

Install Docker in Ubuntu

Run:

sudo apt update
sudo apt upgrade -y

Output:

[...]
Setting up python3-software-properties (0.96.24.32.20) ...
Setting up software-properties-common (0.96.24.32.20) ...
Processing triggers for dbus (1.12.2-1ubuntu1.4) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Run:

sudo apt install apt-transport-https ca-certificates curl software-properties-common

Output:

[...]
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1506 B of archives.
After this operation, 169 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.8 [1506 B]
[...]

Run:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

Output:

Hit:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
[...]

Run:

apt-cache policy docker-ce

Output:

docker-ce:
  Installed: (none)
  Candidate: 5:20.10.22~3-0~ubuntu-jammy
  Version table:
     5:20.10.22~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
[...]

Install Docker CE

Run:

sudo apt install docker-ce

Output:

Reading package lists... Done
[...]
After this operation, 384 MB of additional disk space will be used.
Do you want to continue? [Y/n] y      

Output:

Get:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 pigz amd64 2.6-1 [63.6 kB]
[...]
No VM guests are running outdated hypervisor (qemu) binaries on this host.

Check Docker status

Run:

sudo systemctl status docker

Output:

● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-12-21 15:47:32 UTC; 3s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 1956 (dockerd)
      Tasks: 7
     Memory: 23.9M
        CPU: 250ms
     CGroup: /system.slice/docker.service
             └─1956 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390191421Z" level=info msg="scheme \"unix\" not registered,>
Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390227597Z" level=info msg="ccResolverWrapper: sending upda>
Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390257992Z" level=info msg="ClientConn switching balancer t>

Docker command

Run:

docker

Output:

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/home/ubuntu/.docker")
[...]
Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

Create a Docker image

Run:

mkdir repository
cd repository
touch Dockerfile

Dockerfile:

FROM public.ecr.aws/docker/library/ubuntu:18.04

# Install dependencies
RUN apt-get update && \
 apt-get -y install apache2

# Install apache and write hello world message
RUN echo 'Hello World!' > /var/www/html/index.html

# Configure apache
RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \
 echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \
 echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \
 echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \
 chmod 755 /root/run_apache.sh

EXPOSE 80

CMD /root/run_apache.sh

Build the Docker image from your Dockerfile.

Run:

docker build -t [test1] .

Output:

[...]
Successfully built 67ebcd8afbb1
Successfully tagged test1:latest

Run docker images to verify that the image was created correctly.

Run:

docker images --filter reference=[test1]

Output:

REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
test1        latest    67ebcd8afbb1   30 seconds ago   203MB

Run the newly built image. The -p 8088:80 option maps port 8088 on the host system to the exposed port 80 on the container.

Run:

docker run -t -i -p 8088:80 test1

Output:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

Testing

Testing in a new terminal.

Run:

curl http://localhost:8088

Output:

Hello World!

Testing in your notebook browser.

Find your public IP from the Management Console or the terminal.

Run:

curl http://api.ipify.com

Output:

1.2.3.4

Then edit your security group to open port 8088. Browse the IP to see the result.

Stop the Docker container by typing Ctrl + c.

Authenticate to your default registry

Run:

aws ecr get-login-password --region [region] | docker login --username AWS --password-stdin [aws_account_id].dkr.ecr.[region].amazonaws.com


Output:

WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
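
The warning above means docker login wrote the registry token, base64-encoded, into config.json. As an added example (not part of the original page), this check reports whether a Docker client config still holds inline credentials or delegates to a credential helper; the function name audit_docker_config and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Docker client config for credentials stored inline
# (what `docker login` does when no credential store is configured).
# audit_docker_config is a hypothetical helper name.
# Prints one status word and returns 0 only when nothing is stored inline:
#   inline-auth -> an "auth" value (base64 user:password) is in the file
#   helper      -> "credsStore" or "credHelpers" is set, no inline auth
#   empty       -> neither credentials nor a helper are configured
audit_docker_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "missing"; return 2; }
    # Flatten whitespace so the match does not depend on JSON formatting.
    flat=$(tr -d ' \t\r\n' < "$cfg")
    case $flat in
        *'"auth":"'[A-Za-z0-9+/]*) echo "inline-auth"; return 1 ;;
    esac
    case $flat in
        *'"credsStore":"'?*|*'"credHelpers":{"'*) echo "helper"; return 0 ;;
    esac
    echo "empty"; return 0
}

# Constructed sample configs; the auth value is a placeholder, not a real token.
tmp=$(mktemp -d)
REG="639471902531.dkr.ecr.ap-east-1.amazonaws.com"   # registry host from the page
printf '{ "auths": { "%s": { "auth": "QVdTOm5vdC1hLXJlYWwtdG9rZW4=" } } }\n' \
    "$REG" > "$tmp/plain.json"
printf '{ "credHelpers": { "%s": "ecr-login" } }\n' "$REG" > "$tmp/helper.json"

audit_docker_config "$tmp/plain.json" || true   # state after a plain docker login
audit_docker_config "$tmp/helper.json"          # state with a helper configured
```

The credHelpers entry maps the registry host to ecr-login, the helper shipped by the amazon-ecr-credential-helper project; with it installed, Docker requests a token on demand and nothing is written to config.json.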

Push an image to Amazon ECR

To tag and push an image to Amazon ECR, first list the images you have stored locally to identify the image to tag and push.

Run:

docker images

Output:

REPOSITORY  TAG       IMAGE ID       CREATED         SIZE
test1       latest    67ebcd8afbb1   23 minutes ago  203MB

Run:

docker tag [test1]:latest [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]

Output:

Double check the images again.

Run:

docker images

Output:

REPOSITORY                                          TAG       IMAGE ID       CREATED       SIZE
639471902531.dkr.ecr.ap-east-1.amazonaws.com/test1  latest    67ebcd8afbb1   2 hours ago   203MB
test1                                               latest    67ebcd8afbb1   2 hours ago   203MB

Push the image.

Run:

docker push [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]

Output:

Using default tag: latest
The push refers to repository [639471902531.dkr.ecr.ap-east-1.amazonaws.com/test1]
223139eaad3b: Pushed 
[...]

Then you can see the image in the ECR.

Vulnerabilities

After the automatic scan, ECR shows the number of vulnerabilities found in the image, for example: 8 Medium + 13 others (details).
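
The same severity counts can be read from the CLI and used to block a deployment. This is an added example, not part of the original page: scan_gate is a hypothetical helper, and the sample counts are constructed to match the "8 Medium + 13 others" shown above.

```shell
#!/bin/sh
# Added example: fail a pipeline step when an ECR scan reports findings at or
# above a chosen severity. scan_gate is a hypothetical helper name.
# Input (stdin): the flat JSON object printed by
#   aws ecr describe-image-scan-findings --repository-name REPO \
#       --image-id imageTag=latest --region REGION \
#       --query 'imageScanFindings.findingSeverityCounts' --output json
# Usage: scan_gate THRESHOLD   (CRITICAL, HIGH, MEDIUM or LOW)
# Prints the number of findings at or above THRESHOLD; returns 1 if any exist.
scan_gate() {
    case $1 in
        CRITICAL) levels="CRITICAL" ;;
        HIGH)     levels="CRITICAL HIGH" ;;
        MEDIUM)   levels="CRITICAL HIGH MEDIUM" ;;
        LOW)      levels="CRITICAL HIGH MEDIUM LOW" ;;
        *) echo "unknown threshold: $1" >&2; return 2 ;;
    esac
    # Strip JSON punctuation: one "SEVERITY:count" pair per line.
    counts=$(tr -d ' \t\r\n{}"' | tr ',' '\n')
    total=0
    for sev in $levels; do
        n=$(printf '%s\n' "$counts" | sed -n "s/^$sev:\([0-9][0-9]*\)$/\1/p")
        total=$((total + ${n:-0}))   # a severity absent from the map counts as 0
    done
    echo "$total"
    [ "$total" -eq 0 ]
}

# Constructed sample: 8 MEDIUM as on the page; the LOW/INFORMATIONAL split of
# the 13 others is an assumption.
SAMPLE_COUNTS='{ "MEDIUM": 8, "LOW": 10, "INFORMATIONAL": 3 }'
printf '%s' "$SAMPLE_COUNTS" | scan_gate HIGH
printf '%s' "$SAMPLE_COUNTS" | scan_gate MEDIUM || echo "blocked: MEDIUM or worse present"
```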

Pull an image from Amazon ECR

Run:

docker pull [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]

Output:

latest: Pulling from hello-repository
0a85502c06c9: Pull complete
Digest: sha256:215d7e4121b30157d8839e81c4e0912606fca105775bb0636EXAMPLE
Status: Downloaded newer image for aws_account_id.dkr.region.amazonaws.com/hello-repository:latest

Delete an image

Run:

aws ecr batch-delete-image \
      --repository-name [test1] \
      --image-ids imageTag=latest \
      --region [region]

Output:

Delete a repository

Run:

aws ecr delete-repository \
      --repository-name [test1] \
      --force \
      --region [region]

Output:
