DEV Community

Harry K.

Integrate Amazon ECR Into Your CI/CD Pipeline Using GitHub Actions

Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images in a highly available and scalable infrastructure.

Amazon ECR consists of a private registry, a repository, an authorization token, a repository policy and an image.

  • A private registry, provided to each AWS account, is a registry where you can create repositories and store images in them.
  • A repository, where you store your Docker images.
  • An authorization token, with which users authenticate to their registries before they can pull or push images.
  • A repository policy, which controls access to the repositories and the images inside them.
  • An image, which is a template containing instructions for creating a container.

You can also easily integrate Amazon ECR with your continuous integration and delivery (CI/CD) workflow. GitHub Actions is one of the numerous ways to do this, right from your GitHub repository.

Using GitHub Actions, you can set up workflows to build and push Docker images to Amazon ECR whenever you push code changes to your GitHub repository. GitHub provides various templates to automate your builds with GitHub Actions, and here is one of the ways to push your Docker image to Amazon ECR:

```yaml
# This workflow will build and push a new container image to Amazon ECR, when there is a push to the "master" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
#    Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
#    Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
#    and best practices on handling the access key credentials.

name: Deploy to Amazon ECR

on:
  push:
    branches: [ "master" ]

env:
  # set this to your preferred AWS region, e.g. us-west-1
  AWS_REGION: MY_AWS_REGION
  # set this to your Amazon ECR repository name
  ECR_REPOSITORY: MY_ECR_REPOSITORY

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
        docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
        echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
```
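
Set-up step 2 of the workflow stores an IAM user's access key in GitHub secrets, so that user should be able to do nothing beyond what the workflow does: log in to ECR and push to one repository. The identity policy below is an added example, not part of the original post or the GitHub template; the region and repository name are taken from the `create-repository` command in step 1, and `<ACCOUNT_ID>` is a placeholder for your own AWS account ID.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetAuthorizationToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToOneRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "arn:aws:ecr:us-east-2:<ACCOUNT_ID>:repository/my-ecr-repo"
    }
  ]
}
```

`ecr:GetAuthorizationToken` does not support resource-level permissions, which is why only that statement uses `"Resource": "*"`. Pull and repository-management actions are left out because the workflow only builds and pushes.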


Amazon ECR's seamless integration with GitHub Actions can help you streamline your CI/CD pipeline and effortlessly automate your deployment process.
