Sunday, December 11, 2022

AWS Pushing Docker Image to Elastic Container Registry (ECR)

I tried to create my first Repository using the IAM user I created, java-demo. 

However, I ended up getting an error:

I fixed this by updating the ECR-PushImages Policy to include an additional action: ecr:CreateRepository.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:CreateRepository",
                "ecr:CompleteLayerUpload",
                "ecr:GetAuthorizationToken",
                "ecr:UploadLayerPart",
                "ecr:InitiateLayerUpload",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage"
            ],
            "Resource": "*"
        }
    ]
}
Note: one thing I found to be super-confusing was the Version block. I looked at it, saw a date from 2012, and figured "hmm, I should update this to the current date in 2022." 

However, that causes errors.

The Version is actually the version of the policy language, and there are only two valid values:

<version_block> = "Version" : ("2008-10-17" | "2012-10-17")

Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html

That allowed me to create the ECR Repository.  However, after logging back on as my IAM user, I still couldn't list the newly-created Repository. :-/  

Rather than fumble through and one-by-one try and figure out what was needed, I ended up logging back in as Root User, using the Visual Editor, looking up Service: Elastic Container Registry and manually giving the IAM user actions by Access Level ...
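
As an alternative to working out missing permissions one at a time, the following added example (not code from the original post) lints a policy document offline: it checks the Version value against the two the grammar allows and reports which ECR actions are missing for each step described above. The names `lint_policy` and `WORKFLOW` are hypothetical, and mapping "list repositories" to `ecr:DescribeRepositories` is an assumption of this example.

```python
import json
from fnmatch import fnmatchcase

VALID_VERSIONS = ("2008-10-17", "2012-10-17")  # only values the IAM policy grammar accepts

# Actions per step. "create" and "push" come from the post's policy; mapping
# "list" to ecr:DescribeRepositories is this example's assumption.
WORKFLOW = {
    "create": ["ecr:CreateRepository"],
    "list": ["ecr:DescribeRepositories"],
    "push": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
             "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
             "ecr:CompleteLayerUpload", "ecr:PutImage"],
}

def _as_list(value):
    """IAM lets Statement and Action be a single item or a list."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return findings for an identity policy; an empty list means no gaps found.
    Simplification: only Allow + Action are read. Deny, NotAction, Resource
    and Condition are not evaluated."""
    policy = json.loads(policy_json)
    findings = []
    # An omitted Version is treated by IAM as the older 2008-10-17 language.
    version = policy.get("Version", "2008-10-17")
    if version not in VALID_VERSIONS:
        findings.append(f"invalid Version {version!r}")
    patterns = [a.lower()
                for s in _as_list(policy.get("Statement", []))
                if s.get("Effect") == "Allow"
                for a in _as_list(s.get("Action", []))]
    for step, actions in WORKFLOW.items():
        for action in actions:
            # Action names are case-insensitive and may contain * and ? wildcards.
            if not any(fnmatchcase(action.lower(), p) for p in patterns):
                findings.append(f"{step}: missing {action}")
    findings += [f"wildcard grant: {p}" for p in patterns if "*" in p]
    return findings

# Constructed sample: the policy from the post, as a string.
POST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "ecr:CreateRepository", "ecr:CompleteLayerUpload",
        "ecr:GetAuthorizationToken", "ecr:UploadLayerPart",
        "ecr:InitiateLayerUpload", "ecr:BatchCheckLayerAvailability",
        "ecr:PutImage"]}],
})
```

Run against the post's policy, the only finding is the missing list permission; a wildcard such as `ecr:*` closes every gap but is reported so it can be narrowed.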

After I finished setting up the available ecr:actions in the Policy, I was able to tag and push my Docker image to ECR.

C:\>aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ************.dkr.ecr.us-east-1.amazonaws.com
Login Succeeded

C:\>docker tag f94c25ad91cd1dabbb0dae012a0da3f50c23e050fdd1916d7bd81d5c9dbec2b9 ************.dkr.ecr.us-east-1.amazonaws.com/java-spring-cloud-demo:v0.0.1

C:\>docker push ************.dkr.ecr.us-east-1.amazonaws.com/java-spring-cloud-demo:v0.0.1
The push refers to repository [************.dkr.ecr.us-east-1.amazonaws.com/java-spring-cloud-demo]
e971bfdd6e68: Pushed
cb90fdeb280a: Pushed
15b10c92f3b2: Pushed
e5e13b0c77cb: Pushed
v0.0.1: digest: sha256:6bee10abc02d77bced7593744f31b4d373069042cb45ae4cf4a2648992b5265a size: 1161
