0
votes

I am trying to create a workflow where developers in my organisation can upload docker images to our AWS ECR. The following commands work :

Step-1: Get Token

aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <repo-url>

Step-2: Tag the already built image

docker tag <local-image:tag> <ecr-repo-url>:latest

Step-3: Finally Push

docker push <ecr-repo-url>:latest

Now this works absolutely fine.

However as I am trying to automate the above steps. I will NOT have AWS CLI configured on end users machine. So Step-1 will fail for the end user

So two quick queries:

  1. Can I get the token from a remote machine and Step-2 and Step-3 can happen from client
  2. Can I do all the three steps in remote and I have a service that uploads the local docker image to the remote server which in turn will take care of tag - push
2

2 Answers

1
votes

I'm hoping that the end-user will have docker installed

In that case you can make use AWS CLI docker image to obtain the token from ECR.

0
votes

The token itself is just a temporary password so whether you use the AWS CLI on the remote server or not it will be valid for the Docker credentials.

You of also have the option of using the AWS SDK that you could package with a small application to perform this action, such as Boto3 although you would need to ensure that the host itself has the relevant programming language configured.

Alternatively if you want this to be automated you could actually look at using a CI/CD pipeline.

GitHub has Actions, BitBucket has Pipelines and GitLab has arguably the most CI/CD built into it. This would have these services perform all of the above actions for you.

As a final suggestion you could use CodeBuild within a CodePipeline to build your image and then tag and deploy it to ECR for you. This will be automated by a trigger and not require any permanent infrastructure.

More information about this option is available in the Build a Continuous Delivery Pipeline for Your Container Images with Amazon ECR as Source article.