AWS ECR - Elastic Container Registry Integration & EKS

Step-01: What are we going to learn?


Step-02: ECR Terminology

  • Registry: An ECR registry is provided to each AWS account; we can create image repositories in our registry and store images in them.
  • Repository: An ECR image repository contains our Docker images.
  • Repository policy: We can control access to our repositories and the images within them with repository policies.
  • Authorization token: Our Docker client must authenticate to Amazon ECR registries as an AWS user before it can push and pull images. The AWS CLI get-login command provides us with authentication credentials to pass to Docker.
  • Image: We can push and pull container images to our repositories.

Step-03: Pre-requisites

  • Install required CLI software on your local desktop
  • Install AWS CLI V2 version
    • Documentation Reference:
  • Install Docker CLI

    • We have taken care of the local Docker Desktop installation as part of the Docker Fundamentals section
    • Docker Desktop for MAC:
    • Docker Desktop for Windows:
    • Docker on Linux:
  • On AWS Console

    • Create Authorization Token for admin user if not created
    • Configure AWS CLI with Authorization Token
      aws configure
      AWS Access Key ID: ****
      AWS Secret Access Key: ****
      Default Region Name: us-east-1

Step-04: Create ECR Repository

  • Create simple ECR repository via AWS Console
  • Repository Name: aws-ecr-kubenginx
  • Tag Immutability: Enable
  • Scan on Push: Enable
  • Explore ECR console.
  • Create ECR Repository using AWS CLI
    aws ecr create-repository --repository-name aws-ecr-kubenginx --region us-east-1
    aws ecr create-repository --repository-name <your-repo-name> --region <your-region>

Step-05: Create Docker Image locally

  • Navigate to folder 10-ECR-Elastic-Container-Registry\01-aws-ecr-kubenginx from course github content download.
  • Create docker image locally
  • Run it locally and test
    # Build Docker Image
    docker build -t <ECR-REPOSITORY-URI>:<TAG> . 
    docker build -t . 
    # Run Docker Image locally & Test
    docker run --name <name-of-container> -p 80:80 --rm -d <ECR-REPOSITORY-URI>:<TAG>
    docker run --name aws-ecr-kubenginx -p 80:80 --rm -d
    # Access Application locally
    # Stop Docker Container
    docker ps
    docker stop aws-ecr-kubenginx
    docker ps -a -q

Dockerfile to be used to build Docker Image

FROM nginx
COPY index.html /usr/share/nginx/html

index.html file to be used during building Docker Image

<!DOCTYPE html>
<html>
<body style="background-color:rgb(217, 250, 210);">

<h1>Welcome to Stack Simplify</h1>
<h3>AWS EKS Master Class - Integration with ECR Registry</h3>

</body>
</html>


Step-06: Push Docker Image to AWS ECR

  • First, log in to the ECR repository
  • Push the docker image to ECR
  • AWS CLI Version 2.x
    # Get Login Password
    aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <ECR-REPOSITORY-URI>
    aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin
    # Push the Docker Image
    docker push <ECR-REPOSITORY-URI>:<TAG>
    docker push
  • Verify the newly pushed docker image on AWS ECR.
  • Verify the vulnerability scan results.
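The repository settings from Step-04 and the scan results checked above can also be verified by script instead of by eye in the console. The following Python is an added example, not part of the course material; it reads the JSON printed by `aws ecr describe-repositories` and `aws ecr describe-image-scan-findings`, and assumes basic scanning. The sample responses and the severity limits are constructed for illustration.

```python
import json

# Constructed sample responses, shaped like the JSON printed by
# `aws ecr describe-repositories` and `aws ecr describe-image-scan-findings`.
SAMPLE_REPO = json.loads("""
{"repositories": [{"repositoryName": "aws-ecr-kubenginx",
  "imageTagMutability": "IMMUTABLE",
  "imageScanningConfiguration": {"scanOnPush": true}}]}
""")
SAMPLE_SCAN = json.loads("""
{"imageScanStatus": {"status": "COMPLETE"},
 "imageScanFindings": {"findingSeverityCounts": {"HIGH": 2, "MEDIUM": 7, "LOW": 11}}}
""")

# Maximum tolerated findings per severity (hypothetical policy for this example).
DEFAULT_LIMITS = {"CRITICAL": 0, "HIGH": 0}


def repo_problems(describe_repositories):
    """Return settings that differ from what Step-04 enables in the console."""
    problems = []
    for repo in describe_repositories.get("repositories", []):
        name = repo.get("repositoryName", "?")
        if repo.get("imageTagMutability") != "IMMUTABLE":
            problems.append(f"{name}: tag immutability is disabled")
        if not repo.get("imageScanningConfiguration", {}).get("scanOnPush"):
            problems.append(f"{name}: scan on push is disabled")
    return problems


def scan_problems(scan_findings, limits=DEFAULT_LIMITS):
    """Return reasons to hold the image back; an unfinished scan is one of them."""
    status = scan_findings.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        return [f"scan status is {status}, not COMPLETE"]
    counts = scan_findings.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    return [f"{sev}: {counts[sev]} findings (limit {limit})"
            for sev, limit in limits.items() if counts.get(sev, 0) > limit]


if __name__ == "__main__":
    for line in repo_problems(SAMPLE_REPO) + scan_problems(SAMPLE_SCAN):
        print("BLOCK:", line)
```

An empty result from both functions means the image can go on to Step-07; any returned line is a reason to stop before deploying.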

Step-07: Using ECR Image with Amazon EKS

Review the k8s manifests

  • Understand the Deployment and Service kubernetes manifests present in folder 10-ECR-Elastic-Container-Registry\02-kube-manifests
  • Deployment: 01-ECR-Nginx-Deployment.yml
  • NodePort Service: 02-ECR-Nginx-NodePortService.yml
  • ALB Ingress Service: 03-ECR-Nginx-ALB-IngressService.yml

Verify ECR Access to EKS Worker Nodes

  • Go to Services -> EC2 -> Running Instances -> Select a Worker Node -> Description Tab
  • Click on value in IAM Role field
    # Sample Role Name 
  • In IAM on that specific role, verify permissions tab
  • The policies AmazonEC2ContainerRegistryReadOnly and AmazonEC2ContainerRegistryPowerUser should be attached to the role
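To check what the worker node role actually grants, rather than only the names of the attached policies, the policy documents can be evaluated against the actions an image pull needs. This Python is an added example, not from the course; the sample documents are constructed, and Deny statements, conditions and resource scoping are ignored as a simplifying assumption.

```python
from fnmatch import fnmatchcase

# Actions needed to pull an image from ECR, and the ones that allow a push.
PULL_ACTIONS = ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]
PUSH_ACTIONS = ["ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload", "ecr:PutImage"]

# Constructed policy documents for illustration (not copies of AWS managed policies).
PULL_ONLY_DOC = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:Describe*"]}]}
WILDCARD_DOC = {"Statement": {"Effect": "Allow", "Resource": "*", "Action": "ecr:*"}}
NO_ECR_DOC = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": "ec2:Describe*"}]}


def allowed_patterns(policy_docs):
    """Collect Action patterns from Allow statements.

    Simplification: Deny, NotAction, Condition and Resource scoping are ignored.
    """
    patterns = []
    for doc in policy_docs:
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):  # a single statement may be a bare object
            statements = [statements]
        for statement in statements:
            if statement.get("Effect") == "Allow":
                actions = statement.get("Action", [])
                patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns


def is_allowed(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def node_role_report(policy_docs):
    """Report missing pull actions and any push actions the role also carries."""
    patterns = allowed_patterns(policy_docs)
    return {
        "missing_for_pull": [a for a in PULL_ACTIONS if not is_allowed(a, patterns)],
        "push_allowed": [a for a in PUSH_ACTIONS if is_allowed(a, patterns)],
    }


if __name__ == "__main__":
    print(node_role_report([PULL_ONLY_DOC]))
```

The documents for a real role can be fetched with `aws iam list-attached-role-policies` followed by `aws iam get-policy-version` for each attached policy.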

Kubernetes Manifests

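apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubeapp-ecr
  labels:
    app: kubeapp-ecr
spec:
  replicas: 2
  selector:
    matchLabels:
      app: kubeapp-ecr
  template:
    metadata:
      labels:
        app: kubeapp-ecr
    spec:
      containers:
      - name: kubeapp-ecr
        image: <ECR-REPOSITORY-URI>:<TAG>
        resources:
          requests:
            memory: "128Mi"
            cpu: "500m"
          limits:
            memory: "256Mi"
            cpu: "1000m"
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: kubeapp-ecr-nodeport-service
  labels:
    app: kubeapp-ecr
  annotations:
    # Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
    alb.ingress.kubernetes.io/healthcheck-path: /index.html
spec:
  type: NodePort
  selector:
    app: kubeapp-ecr
  ports:
  - port: 80
    targetPort: 80
---
# Annotations Reference:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ecr-ingress-service
  labels:
    app: kubeapp-ecr
  annotations:
    # Ingress Core Settings
    kubernetes.io/ingress.class: "alb"
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Health Check Settings
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
    alb.ingress.kubernetes.io/success-codes: '200'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
    ## SSL Settings
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)
    # SSL Redirect Setting
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    # External DNS - For creating a Record Set in Route53
spec:
  rules:
  - http:
      paths:
      - path: /* # SSL Redirect Setting
        backend:
          serviceName: ssl-redirect
          servicePort: use-annotation
      - path: /*
        backend:
          serviceName: kubeapp-ecr-nodeport-service
          servicePort: 80
# Important Note-1: In path based routing order is very important, if we are going to use "/*", try to use it at the end of all rules.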

Deploy the kubernetes manifests

# Deploy
kubectl apply -f 02-kube-manifests/

# Verify
kubectl get deploy
kubectl get svc
kubectl get po
kubectl get ingress

Access Application

  • Wait for ALB Ingress to be provisioned
  • Verify Route 53 DNS registration
    # Get external ip of EKS Cluster Kubernetes worker nodes
    kubectl get nodes -o wide
    # Access Application

Step-08: Clean Up

# Clean-Up
kubectl delete -f 02-kube-manifests/

How ALB Ingress Controller Works?

AWS ALB Ingress Installation

AWS ALB Ingress Implementation Basics
