Dockerrun.aws.json structure for ECR Repo

We are switching from Docker Hub to ECR and I’m curious how to structure the Dockerrun.aws.json file to use this image. I attempted to modify the name as <my_ECR_URL>/<repo_name>:<image_tag> but this is not successful. I also saw the details of private registries using an authentication file on S3 but this doesn’t seem like the correct route when aws ecr get-login is the recommended way to authenticate with ECR.

Can anyone point me to how I can use an ECR image in a Beanstalk Dockerrun.aws.json file?

  • Deploy Meteor 1.3, React app on AWS
  • Installing CPhalcon on an AWS Docker image
  • How do you share volumes between Docker containers in an Elastic Beanstalk application?
  • Unable to deploy Docker composer to AWS ECS
  • How to log PHP errors in an AWS Elastic Beanstalk Docker container
  • How to change nginx config in amazon elastic beanstalk running a docker instance
  • If I look at the ECS Task Definition,there’s a required attribute called com.amazonaws.ecs.capability.ecr-auth, but I’m not setting that anywhere in my Dockerrun.aws.json file and I’m not sure what needs to be there. Perhaps it is an S3 bucket? Something is needed as every time I try to run the Elastic Beanstalk created tasks from ECS, I get:

    Run tasks failed
    Reasons : ATTRIBUTE
    

    Any insights are greatly appreciated.

    Update I see from some other threads that this used to occur with earlier versions of the ECS agent but I am currently running Agent version 1.6.0 and Docker version 1.7.1, which I believe are the recommended versions. Is this possibly an issue with the Docker version?

  • configure Angular 2 Webpack App in Docker container environment specific
  • Cayley docker isn't writing data
  • remote docker commands execution
  • Docker connect database from a container (laravel) to other container (wordpress)
  • Docker for parallel tasks
  • docker nginx and php, php cant connect to localhost
  • 4 Solutions collect form web for “Dockerrun.aws.json structure for ECR Repo”

    So it turns out, the ECS agent was only able to pull images with version 1.7, and that’s where mine was falling. Updating the agent resolves my issue, and hopefully it helps someone else.

    This is most likely an issue with IAM roles if you are using a role that was previously created for Elastic Beanstalk. Ensure that the role that Elastic Beanstalk is running with has the AmazonEC2ContainerRegistryReadOnly managed policy attached

    Source: http://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_IAM_policies.html

    Support for ECR was added in version 1.7.0 of the ECS Agent.

    When using Elasticbeanstalk and ECR you don’t need to authenticate. Just make sure the user has the policy AmazonEC2ContainerRegistryReadOnly

    You can store your custom Docker images in AWS with Amazon EC2 Container Registry (Amazon ECR). When you store your Docker images in
    Amazon ECR, Elastic Beanstalk automatically authenticates to the
    Amazon ECR registry with your environment’s instance profile, so you
    don’t need to generate an authentication file and upload it to Amazon
    Simple Storage Service (Amazon S3).

    You do, however, need to provide your instances with permission to
    access the images in your Amazon ECR repository by adding permissions
    to your environment’s instance profile. You can attach the
    AmazonEC2ContainerRegistryReadOnly managed policy to the instance
    profile to provide read-only access to all Amazon ECR repositories in
    your account, or grant access to single repository by using the
    following template to create a custom policy:

    Source: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.