Elastic Container Registry (ECR) is the docker hub in AWS.
Cloud9
Create a Cloud9 instance for this example.
Install or update the AWS CLI
Run:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Check AWS CLI version
Run:
aws --version
Output:
aws-cli/2.9.19 Python/3.9.11 Linux/5.4.0-1094-aws exe/x86_64.ubuntu.18 prompt/off
Install Docker in Ubuntu
Run:
sudo apt update
sudo apt upgrade -y
Output:
[...]
Setting up python3-software-properties (0.96.24.32.20) ...
Setting up software-properties-common (0.96.24.32.20) ...
Processing triggers for dbus (1.12.2-1ubuntu1.4) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Run:
sudo apt install apt-transport-https ca-certificates curl software-properties-common
Output:
[...]
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1506 B of archives.
After this operation, 169 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.8 [1506 B]
[...]
Run:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
Output:
Hit:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
[...]
Run:
apt-cache policy docker-ce
Output:
docker-ce:
Installed: (none)
Candidate: 5:20.10.22~3-0~ubuntu-jammy
Version table:
5:20.10.22~3-0~ubuntu-jammy 500
500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
[...]
Install Docker CE
Run:
sudo apt install docker-ce
Output:
Reading package lists... Done
[...]
After this operation, 384 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Output:
Get:1 http://ap-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 pigz amd64 2.6-1 [63.6 kB]
[...]
No VM guests are running outdated hypervisor (qemu) binaries on this host.
check Docker status
Run:
sudo systemctl status docker
Output:
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-12-21 15:47:32 UTC; 3s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 1956 (dockerd)
Tasks: 7
Memory: 23.9M
CPU: 250ms
CGroup: /system.slice/docker.service
└─1956 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390191421Z" level=info msg="scheme \"unix\" not registered,>
Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390227597Z" level=info msg="ccResolverWrapper: sending upda>
Dec 21 15:47:32 ip-172-31-4-26 dockerd[1956]: time="2022-12-21T15:47:32.390257992Z" level=info msg="ClientConn switching balancer t>
Docker command
Run:
docker
Output:
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/home/ubuntu/.docker")
[...]
Run 'docker COMMAND --help' for more information on a command.
To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
Create a Docker image
Run:
mkdir repository
cd repository
touch Dockerfile
Dockerfile:
FROM public.ecr.aws/docker/library/ubuntu:18.04# Install dependenciesRUN apt-get update && \
apt-get -y install apache2# Install apache and write hello world messageRUN echo 'Hello World!' > /var/www/html/index.html# Configure apacheRUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \
echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \
echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \
echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \
chmod 755 /root/run_apache.sh
EXPOSE80CMD /root/run_apache.sh
Build the Docker image from your Dockerfile.
Run:
docker build -t [test1] .
Output:
[...]
Successfully built 67ebcd8afbb1
Successfully tagged test1:latest
Run docker images to verify that the image was created correctly.
Run:
docker images --filter reference=[test1]
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE
test1 latest 67ebcd8afbb1 30 seconds ago 203MB
Run the newly built image. The -p 8088:80
option maps the exposed port 8088 on the container to port 80 on the host system.
Run:
docker run -t -i -p 8088:80 test1
Output:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
Testing
Testing in a new terminal.
Run:
curl http://localhost:8088
Output:
Hello World!
Testing in your notebook browser.
Find your IP from Management console or terminal.
Run:
curl http://api.ipify.com
Output:
1.2.3.4
Then edit your security group to open port 8088. Browse the IP to see the result.
Stop the Docker container by typing Ctrl + c
.
Authenticate to your default registry
Run:
aws ecr get-login-password --region [region] | docker login --username AWS --password-stdin [aws_account_id].dkr.ecr.[region].amazonaws.com
aws ecr get-login-password –region [region] | docker login –username AWS –password-stdin [aws_account_id].dkr.ecr.[region].amazonaws.com
Output:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push an image to Amazon ECR
To tag and push an image to Amazon ECR List the images you have stored locally to identify the image to tag and push.
Run:
docker images
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE
test1 latest 67ebcd8afbb1 23 minutes ago 203MB
Run:
docker tag [test1]:latest [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]
Output:
Double check the images again.
Run:
docker images
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE
639471902531.dkr.ecr.ap-east-1.amazonaws.com/test1 latest 67ebcd8afbb1 2 hours ago 203MB
test1 latest 67ebcd8afbb1 2 hours ago 203MB
Push the image.
Run:
docker push [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]
Output:
Using default tag: latest
The push refers to repository [639471902531.dkr.ecr.ap-east-1.amazonaws.com/test1]
223139eaad3b: Pushed
[...]
Then you can see the image in the ECR.

You may see the number of Vulnerabilities after auto scan. 8 Medium + 13 others (details)

Pull an image from Amazon ECR
Run:
docker pull [aws_account_id].dkr.ecr.[region].amazonaws.com/[test1]
Output:
latest: Pulling from hello-repository
0a85502c06c9: Pull complete
Digest: sha256:215d7e4121b30157d8839e81c4e0912606fca105775bb0636EXAMPLE
Status: Downloaded newer image for aws_account_id.dkr.region.amazonaws.com/hello-repository:latest
Delete an image
Run:
aws ecr batch-delete-image \
--repository-name [test1] \
--image-ids imageTag=latest \
--region [region]
Output:
Delete a repository
Run:
aws ecr delete-repository \
--repository-name hello-repository \
--force \
--region [region]
Output: