[aws] Amazon ECR(프라이빗 레지스트리)

Amazon ECR(Amazon Elastic Container Registry)

 : Amazon Elastic Container Registry(ECR)는 완전관리형 컨테이너 레지스트리로, 이미지와 아티팩트를 어디서나 쉽게 보관, 관리, 공유 및 배포하도록 지원합니다.

 

 

요금(프라이빗 리포지토리)

• inbound - 무료
• outbound - 목적지에 따라 비용이 결정
  • 동일 리전(region)
    • 동일 AZ(EC2 등) - 무료
    • 다른 AZ - GB당 0.01 USD
    • 지역 서비스(regional)의 Endpoint(SNS, S3, ECR 등)으로 직접 전송 - 무료
  • 다른 리전(region) - GB당 0.08 USD
  • 인터넷(아래 표 참고-프라이빗 리포지토리에서 전송된 데이터)

 

ECR 리포지토리

Amazon ECR > 리포지토리 > 리포지토리 생성

nginx 리포지토리 생성

 

 

 

- URL : 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx

 

Amazon ECR > 리포지토리 > nginx

nginx 리포지토리

 

awscli 명령

$ aws --version
aws-cli/2.8.12 Python/3.9.11 Linux/5.15.0-1019-aws exe/x86_64.ubuntu.22 prompt/off

$ aws sts get-caller-identity
{
    "Account": "4Account", 
    "UserId": "AIDAUserId", 
    "Arn": "arn:aws:iam::4Account:user/username01@gmail.com"
}

docker 클라이언트 인증

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com

$ aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com
WARNING! Your password will be stored unencrypted in /home/vagrant/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

도커 이미지 빌드

docker build -t nginx .

도커 이미지에 태그 지정

docker tag nginx:latest 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

AWS 리포지토리로 푸시(docker push)

docker push 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

$ docker push 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
The push refers to repository [4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx]
c72d75f45e5b: Pushed 
9a0ef04f57f5: Pushed 
d13aea24d2cb: Pushed 
2b3eec357807: Pushed 
2dadbc36c170: Pushed 
8a70d251b653: Pushed 
latest: digest: sha256:9a821cadb1b13cb782ec66445325045b2213459008a41c72d8d87cde94b33c8c size: 1570

- 이미지 URL : 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

nginx 도커 이미지 풀(docker pull)

$ docker images --filter=reference="nginx:latest"
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

docker pull 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

$ docker pull 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
latest: Pulling from nginx
3f4ca61aafcd: Pull complete 
50c68654b16f: Pull complete 
3ed295c083ec: Pull complete 
40b838968eea: Pull complete 
88d3ab68332d: Pull complete 
5f63362a3fa3: Pull complete 
Digest: sha256:9a821cadb1b13cb782ec66445325045b2213459008a41c72d8d87cde94b33c8c
Status: Downloaded newer image for 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

docker images --filter=reference="4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest"

$ docker images --filter=reference="4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest"
REPOSITORY                                           TAG       IMAGE ID       CREATED      SIZE
4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx   latest    1403e55ab369   6 days ago   142MB

nginx 컨테이너 실행

docker run -d --rm -p 8080:80 --name nginx 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest

$ docker run -d --rm -p 8080:80 --name nginx 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
1ee36de7171fc3b4fce2a6aa8cd99e7982328fa029dcdbed83a522082111eab9

$ curl localhost:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

 

ECR 권한

IAM > 역할

EC2 역할(AmazonEC2RoleforSSM)에 AmazonEC2ContainerRegistryFullAccess 권한 부여

정책 필터 : AmazonEC2ContainerRegistry

 

awscli로 리포지토리(Repositories) 생성

hello-repository 리포지토리 생성

aws ecr create-repository \
    --repository-name hello-repository \
    --image-scanning-configuration scanOnPush=true \
    --region us-east-1

$ aws ecr create-repository \
>     --repository-name hello-repository \
>     --image-scanning-configuration scanOnPush=true \
>     --region us-east-1
{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-1:4XXXXXXXXXX1:repository/hello-repository",
        "registryId": "4XXXXXXXXXX1",
        "repositoryName": "hello-repository",
        "repositoryUri": "4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/hello-repository",
        "createdAt": "2022-12-28T10:37:36+09:00",
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": true
        },
        "encryptionConfiguration": {
            "encryptionType": "AES256"
        }
    }
}

 

참고URL

- AWS CLI에서 Amazon ECR 사용 : https://docs.aws.amazon.com/ko_kr/AmazonECR/latest/userguide/getting-started-cli.html

- Amazon ECR : https://docs.aws.amazon.com/ko_kr/AmazonECR/latest/userguide/what-is-ecr.html

- Amazon Elastic Container Registry 요금 : https://aws.amazon.com/ko/ecr/pricing

- dockerhub 비용 : https://www.docker.com/pricing/

- AWS 데이터 전송비용 정리 : https://ltlkodae.tistory.com/m/27

- aws ecr describe-registry https://docs.aws.amazon.com/cli/latest/reference/ecr/describe-registry.html

- aws ecr describe-images https://docs.aws.amazon.com/cli/latest/reference/ecr/describe-images.html