DEV Community

Cover image for Deploying a container image to AWS ECR using a GitHub Action
Yusuf Adeyemo for AWS Community Builders

Posted on • Originally published at on


Deploying a container image to AWS ECR using a GitHub Action

In this blog post, I am going to show how you can automatically deploy a new container image to AWS ECR using a GitHub Action when there has been a merge to the main branch on GitHub.


  • Basic GitHub Action Knowledge


Step 1: Create ECR Repository

You must use an IAM user account with Programmatic access rights to create or manage resources on AWS with AWS CLI. To do that, you need to retrieve your access key ID and secret access key and then set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables as shown below.



Enter fullscreen mode Exit fullscreen mode

To create a repository in the ECR from the AWS CLI On a machine that has the AWS CLI configured, enter the following to create the repository:

 aws ecr create-repository --repository-name name-of- repository --region name-of-region

Enter fullscreen mode Exit fullscreen mode

For example:

 aws ecr create-repository --region eu-west-1 --repository-name node-repo

Enter fullscreen mode Exit fullscreen mode

If everything goes well, you should see an output like this:

    "repository": {
        "repositoryArn": "arn:aws:ecr:eu-west-1:XXXXXXXXXX:repository/test",
        "registryId": "790783553687",
        "repositoryName": "test",
        "repositoryUri": "",
        "createdAt": "2022-09-28T14:01:20+01:00",
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": false
        "encryptionConfiguration": {
            "encryptionType": "AES256"

Enter fullscreen mode Exit fullscreen mode

Note down the repositoryName in the output; we'll need it later in the process.

Step 2: Add AWS Credential as Secret.

  • Under your repository name, click Settings.

  • In the left sidebar, click Secrets.

  • Click New repository secret.

Create two new Secrets AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, with the same credential you exported as the env variable above


Step 3: Create your GitHub Action First Workflow

Go to the Actions tab of a GitHub repository and click the Set up this workflow button to create a workflow.

A new workflow file called main.yml will be automatically generated under the .github/workflows directory. Replace the populated content with below.

   name: "Build and push to ECR"
    - master
    name: "Build and Push to ECR"
    runs-on: ubuntu-latest

      - name: Checkout Repository
        uses: actions/checkout@v2

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1 // region you want to push the image to

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, tag, and push image to Amazon ECR 🏷
        id: build-image
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: "your-ecr-repo-name"
          IMAGE_TAG: v1
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

Enter fullscreen mode Exit fullscreen mode

Replace the ECR_REPOSITORY with the name of the repository you created earlier.


Congratulations! We have successfully created a GitHub that builds and pushes container images to AWS ECR on every pull request to the main branch.

Until next time, 🖤

Top comments (0)

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.

One does not simply learn git