Amazon ECR Pulling an Image
By: Date: 04/04/2022 Categories: AWS,AWScommunity Tags:

To run a Docker image that is available in Amazon ECR, you can pull it to your local environment with the docker pull command.

  1. From an EC2 instance/Workstation, run the below command as mentioned here [1] to install AWS CLI

      ———–

      curl “https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip” -o “awscliv2.zip”

      unzip awscliv2.zip

      sudo ./aws/install

      ———– 

      You would also need ‘unzip’ package to install using this command ‘apt-get install unzip’ before running the above commands

  2. Install docker as mentioned here [2] and start the service using this command ‘service docker start’

https://docs.docker.com/engine/install/ubuntu/

sudo apt-get update

$ sudo apt-get install \

    ca-certificates \

    curl \

    gnupg \

    lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
 $ sudo apt-get install docker-ce docker-ce-cli containerd.io

  3. Since you were performing these steps from an EC2 instance, we made sure that the instance role attached[3] to it had the below permissions to pull the ECR images and copy it to S3 bucket

      ———– 

      AmazonS3FullAccess

      AmazonEC2ContainerRegistryFullAccess

      ———–

      Note: Once you’re done with this, I would recommend detaching these policies as they give full access to your EC2 instance to S3 bucket & ECR registry

  4. Once you’ve the above setup done, then follow the below instructions mentioned here [4][5] to authenticate and pull images from ECR

      ———–

      aws ecr get-login-password –region region | docker login –username AWS –password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com

      docker pull <aws_account_id>.dkr.ecr.us-west-2.amazonaws.com/<ecr_repo_name>:<image_tag>

      ———–

  5. Once you have the image, run the below command to save it to a tar using below ‘docker save'[6] command

      ———–

      docker save <aws_account_id>.dkr.ecr.us-west-2.amazonaws.com/<ecr_repo_name>:<image_tag> > <image_name>.tar

      ———–

  6. Copy this tar ball to a S3 bucket using the below ‘aws s3 cp'[7] command

      ———–

      aws s3 cp <image_name>.tar s3://<s3_bucket_name>

      ———–

  7. Once the tar ball is uploaded to S3, download[8] it to your local machine and run the below ‘docker load'[9] command on your powershell to load the image from the tar archive

      ———–

Copy the docker image .tar file in C:\temp

      docker load –input <image_name>.tar

      ———–

  8. Run the below commands to confirm the image and also rename it to the name you desire

      ———–

      docker images

      docker tag <aws_account_id>.dkr.ecr.us-west-2.amazonaws.com/<ecr_repo_name>:<image_tag> <desired_image_name>:<image_tag>

Read more: Amazon ECR

Post Views: 1,158