To host your Docker images, you need what's called a registry. This registry is either run by you or as a service. It stores your images for you and sometimes builds them too. The Docker Hub and Quay.io from CoreOS are the main Docker-managed registries you can subscribe to. Both are interesting in terms of features or pricing. However, an interesting alternative is AWS Elastic Container Registry (ECR): pricing is different and fully integrated in the AWS ecosystem. Let's create countless repositories simply with Terraform!
To step through this recipe, you will need the following:
Let's say you want to store your application container in a repository named myapp
, so you can deploy it easily. It's very simple with Terraform. Add the following code to a file named ecr.tf
:
resource "aws_ecr_repository" "myapp" { name = "myapp" }
If you want to know the URL to access your new repository, you can create an output using the corresponding exported attribute:
output "ECR" { value = "${aws_ecr_repository.myapp.repository_url}" }
If you're used to the other Docker registries, the first step is to authenticate so you create private repositories. Here, no login or password are provided by AWS. We need to use the official AWS command line to authenticate, and that will give us temporary Docker credentials. The output of this command is the Docker command to type:
$ aws ecr get-login --region eu-west-1 docker login -u AWS -p AQECAHh... -e none https://<account_number>.dkr.ecr.eu-west-1.amazonaws.com
Now we can docker build
, tag
, and push
images at will! (See more about using Docker images in the dedicated chapter of this book.)
A nice advanced feature is the ability to use fine-grained policies for each repository created.
3.22.248.208