How to create a public repository in Amazon Elastic Container Registry (ECR) using AWS CLI?
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
Today we will discuss how to create a public repository in AWS Elastic Container Registry (ECR) using AWS CLI. We will also discuss on how to push and pull a docker image from AWS ECR public repository using AWS CLI.
What is Elastic Container Public Registry (ECR)?
Amazon Elastic Container Public Registry is a managed AWS container image registry service that is secure, scalable, and reliable. Amazon ECR supports public image repositories with resource-based permissions using AWS IAM so that specific users can access your public repositories to push images. Developers can use their preferred CLI to push and manage Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. Your images are publicly available to pull, either anonymously or using an Amazon ECR Public authentication token.
Components of AWS ECR Public Registry:
Amazon ECR Public Gallery:
The Amazon ECR Public Gallery is the public portal that lists all public repositories hosted on Amazon ECR Public. Visit the Amazon ECR Public Gallery at https://gallery.ecr.aws.com
Registry:
A public registry is provided to each AWS account; you can create public image repositories in your public registry and store images in them.
Authorization token:
Your client must authenticate to a public registry as an AWS user before it can push images to a public repository. For image pulls, Amazon ECR Public accepts both anonymous pulls and pulls using an authentication token.
Repository:
An Amazon ECR image repository contains your Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts.
Repository policy:
You can control access to your repositories and the images within them with repository policies.
Image:
You can push and pull container images to your repositories. You can use these images locally on your development system, or you can use them in Amazon ECS task definitions and Amazon EKS pod specifications.
Enough of theory, let us create a new public repository in AWS ECR using CLI.
How to create a public repository in Amazon Elastic Container Registry (ECR) using AWS CLI?
Prerequisites:
AWS CLI and Docker installed and configured.
Step 1: Get details on your AWS ECR public registry using AWS CLI.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
## Get details on AWS ECR public registry aws ecr-public describe-registries \ --region us-east-1 ## { ## "registries": [ ## { ## "registryId": " ## "registryArn": "arn:aws:ecr-public:: ## "registryUri": "public.ecr.aws/p4j8n4a3", ## "verified": false, ## "aliases": [ ## { ## "name": "p4j8n4a3", ## "status": "ACTIVE", ## "primaryRegistryAlias": true, ## "defaultRegistryAlias": true ## } ## ] ## } ## ] ## } |
Note: When you create a new AWS account, AWS automatically assigns a public registry in “us-east-1” region of your ECR service.
Step 2: Set a display name for your ECR public registry.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
## Set a display name for ECR public registry aws ecr-public put-registry-catalog-data \ --display-name "cloudaffaire" \ --region us-east-1 ## Check if display name was set properly aws ecr-public get-registry-catalog-data \ --region us-east-1 ## { ## "registryCatalogData": { ## "displayName": "cloudaffaire" ## } ## } |
Note: This display name will be visible to the public in AWS public image gallery
Step 3: Create a new public repository in AWS ECR using AWS CLI.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
## Get a logo for your public ECR repository (optional) wget --no-check-certificate https://avatars.githubusercontent.com/u/78044749?v=4 -O logo.png ## Create public repository configuration file cat << EOF > public_ecr_repo.json { "description": "This is a test public ECR repository", "architectures": [ "x86" ], "operatingSystems": [ "Linux" ], "logoImageBlob": "$(cat logo.png |base64 -w 0)", "aboutText": "This repository is created for demo purpose", "usageText": "This repository is not for public use." } EOF ## Create a public repository in ECR aws ecr-public create-repository \ --repository-name my_public_repo \ --catalog-data file://public_ecr_repo.json \ --region us-east-1 ## { ## "repository": { ## "repositoryArn": "arn:aws:ecr-public:: ## "registryId": " ## "repositoryName": "my_public_repo", ## "repositoryUri": "public.ecr.aws/p4j8n4a3/my_public_repo", ## "createdAt": "2022-03-07T10:58:31.608000+00:00" ## }, ## "catalogData": { ## "description": "This is a test public ECR repository", ## "architectures": [ ## "x86" ## ], ## "operatingSystems": [ ## "Linux" ## ], ## "logoUrl": "https:// ## "aboutText": "This repository is created for demo purpose", ## "usageText": "This repository is not for public use." ## } ## } |
You can also create a new public ECR repository from AWS management console.
Step 4: Get details on AWS ECR public repository using AWS CLI.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
## Get ecr public repository details aws ecr-public describe-repositories \ --region us-east-1 ## { ## "repositories": [ ## { ## "repositoryArn": "arn:aws:ecr-public:: ## "registryId": " ## "repositoryName": "my_public_repo", ## "repositoryUri": "public.ecr.aws/p4j8n4a3/my_public_repo", ## "createdAt": "2022-03-07T10:58:31.608000+00:00" ## } ## ] ## } ## Get ecr public repository catalog data aws ecr-public get-repository-catalog-data \ --repository-name my_public_repo \ --region us-east-1 ## { ## "catalogData": { ## "description": "This is a test public ECR repository", ## "architectures": [ ## "x86" ## ], ## "operatingSystems": [ ## "Linux" ## ], ## "logoUrl": "https:// ## "aboutText": "This repository is created for demo purpose", ## "usageText": "This repository is not for public use." ## } ## } |
Next, we will create a docker image in our local system and authenticate, tag and push the docker image to AWS ECR public repository.
Step 5: Create a new docker image and push the image to AWS ECR public repository.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
## Create a Dockerfile cat << EOF > Dockerfile FROM ubuntu:18.04 # Install dependencies RUN apt-get update && \ apt-get -y install apache2 # Install apache and write hello world message RUN echo 'Hello World!' > /var/www/html/index.html # Configure apache RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \ echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \ echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \ echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \ chmod 755 /root/run_apache.sh EXPOSE 80 CMD /root/run_apache.sh EOF ## Create a docker image docker build -t myimage . ## Check if the docker image was created successfully docker images --filter reference=myimage ## Authenticate yourself to the AWS ECR public registry aws ecr-public get-login-password \ --region us-east-1 | docker login \ --username AWS --password-stdin public.ecr.aws ## Get ecr repository url URL=$(aws ecr-public describe-repositories \ --region us-east-1 | jq -r .repositories[].repositoryUri ) && echo $URL ## returns public.ecr.aws/p4j8n4a3/my_public_repo ## TAG you docker image form ECR public repository docker tag myimage:latest $URL ## PUSH a docker image from a private ECR repository docker push $URL ## PULL a docker image from a private ECR repository ## docker pull $URL:latest |
Step 6: Get details on the public image in your ECR repository.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
## Get metadata about the images in a repository aws ecr-public describe-images \ --repository-name my_public_repo \ --image-ids imageTag=latest \ --region us-east-1 ## { ## "imageDetails": [ ## { ## "registryId": " ## "repositoryName": "my_public_repo", ## "imageDigest": "sha256: ## "imageTags": [ ## "latest" ## ], ## "imageSizeInBytes": 86243237, ## "imagePushedAt": "2022-03-08T13:51:37+00:00", ## "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json" ## } ## ] ## } |
You can also view your public images in AWS public image gallery.
Step 7: Clean up.
|
1 2 3 4 5 6 7 8 9 10 11 |
## Delete the image aws ecr-public batch-delete-image \ --repository-name my_public_repo \ --image-ids imageTag=latest \ --region us-east-1 ## Delete the public repository aws ecr-public delete-repository \ --repository-name my_public_repo \ --force \ --region us-east-1 |
Hope you have enjoyed this article, to get more details on AWS ECR, please follow below link.
https://docs.aws.amazon.com/ecr/index.html