The holiday season is already here and Docker developers on AWS are getting a nice gift this year. Today, Amazon released a new service: EC2 Container Registry (ECR). ECR gives developers a secure, scalable, and reliable container registry without the need to manually set up infrastructure. As a certified launch partner, it’s now possible to build, test, upload, and deploy new Docker containers in a single git push using only CircleCI and AWS.
When Amazon provided us beta access to this new service, we couldn’t wait to see all the possibilities with CircleCI. Now that we’ve been able to play around with it a bit, we wanted to share what we’ve seen with a small demo project using CircleCI to test and then deploy a new multi-container setup to AWS.
Docker Containers, Running and Stored
Last year Amazon released their EC2 Container Service which removed the hassle of dealing with the infrastructure required for running Docker images. Through this service it’s been possible to test not just code but also infrastructure through CircleCI, which made it a lot easier to truly treat infrastructure as code. Combined with CircleCI, this system allowed for quick testing and deployment of Dockerized code but didn’t really provide a way to store Docker images and manage permissions easily.
AWS isn’t the first to have a Docker Registry; Docker and Google both have their own registries and, of course, you can always run your own Registry in your existing AWS EC2 instances. Even with those options AWS’ new Container Registry can still be more useful given that it has tight integration with the existing AWS services. We found two major advantages to the new ECR. The first is that ECR is a first class AWS service and as such it is fully integrated with Amazon’s Identity Access Management. Second, ECR provides redundant Docker Registry servers across all of their regions. This makes working with Docker images in AWS more convenient as well as providing some much needed redundancy and security, especially for those developers who have, up until now, been running their own registries.
Getting Started: Using Amazon’s Container Service with CircleCI
Before we demonstrate switching your Docker registry to Amazon ECR, we would like to show you how to use ECS with CircleCI. We assume here that you have already set up the EC2 Container Service on Amazon (but don’t yet necessarily have any images deployed) and that you have knowledge of Docker and Docker compose. Our very own Kevin Bell has built a simple multi-container service which you can check out on the project’s GitHub page. You should be aware however that to use ECS and ECR through CircleCI you will, at a minimum, need to have the environment variables
AWS_ACCESS_KEY_ID AWS_DEFAULT_REGION AWS_SECRET_ACCESS_KEY
set through your project’s CircleCI Environment Variables settings page. After you have set those variables though it doesn’t take much code to get up and running and there is actually no real added complexity with the circle.yml file. Below is the only non-Docker or test commands in the new circle.yml file:
machine: pre: - sudo curl -L -o /usr/bin/docker 'https://s3-external-1.amazonaws.com/circle-downloads/docker-1.9.0-circleci' - sudo chmod 0755 /usr/bin/docker services: - docker deployment: prod: branch: master commands: - ./deploy.sh
As you can see here the real meat of the ECS part of the project is in the deploy.sh script. If you open it you can see that it consists of four separate but basic functions. First, with
deploy_image we push the newly created image to our registry. In this case it’s pushing to Docker.io but we’ll change that shortly. Afterward, we deploy our images with
deploy_cluster creating a task definition, registering the task definition with aws ecs register-task-definition, and then waiting for the older task revisions to be removed. After that Amazon should be running your new Docker containers!
So how do we use ECR?
Amazon ECR is even easier to set up. Once you’ve created your Docker repository on AWS, simply log in with
aws ecr get-login
and then tag your image using the address of the docker registry and your AWS account ID such as
docker tag ubuntu:trusty aws_account_id.dkr.ecr.us-east-1.amazon aws.com/ubuntu:trusty
and finally push to AWS in a similar fashion such as
docker push aws_account_id.dkr.ecr.us-east-1.amazonaws.com/ubuntu:trusty
That’s all there is to it! You’re now building, testing, pushing, and deploying your code and infrastructure all through CircleCI and AWS!
I hope this helps give you some ideas as to how you can use Docker with CircleCI and AWS in your projects! This naturally isn’t the only way to use Amazon’s Container Service and Container Registry through CircleCI. We look forward to building on our partnership and bringing more ways to integrate Amazon ECR and CircleCI.
As always, if you find yourself lost or having trouble using these services we’re happy to answer any questions you may have. You can reach out to our experts on our Discuss community site or contact us at firstname.lastname@example.org or in-app.