Dockerrun.aws.json structure for ECR Repo

We are switching from Docker Hub to ECR and I’m curious how to structure the Dockerrun.aws.json file to use this image. I attempted to modify the name as <my_ECR_URL>/<repo_name>:<image_tag> but this is not successful. I also saw the details of private registries using an authentication file on S3 but this doesn’t seem like the correct route when aws ecr get-login is the recommended way to authenticate with ECR.

Can anyone point me to how I can use an ECR image in a Beanstalk Dockerrun.aws.json file?

  • Docker - denied: Your Authorization Token has expired
  • AWS ElasticBeanstalk Multidocker is not creating an ECS task with a correct Cmd
  • Using Spinnaker to deploy a Docker image from dockerhub to Aws Eb
  • How to Access AWS EC2 docker tomcat instance running inside jenkins docker instance from my local browser
  • How to create a new docker image from a running container on Amazon?
  • Kubernetes 1.2alpha8 AWS Container Registry Integration
  • If I look at the ECS Task Definition,there’s a required attribute called com.amazonaws.ecs.capability.ecr-auth, but I’m not setting that anywhere in my Dockerrun.aws.json file and I’m not sure what needs to be there. Perhaps it is an S3 bucket? Something is needed as every time I try to run the Elastic Beanstalk created tasks from ECS, I get:

    Run tasks failed
    Reasons : ATTRIBUTE
    

    Any insights are greatly appreciated.

    Update I see from some other threads that this used to occur with earlier versions of the ECS agent but I am currently running Agent version 1.6.0 and Docker version 1.7.1, which I believe are the recommended versions. Is this possibly an issue with the Docker version?

  • neo4j-mazerunner, How to Increase memory size in docker-compose.yml
  • Docker: bash terminal starts without prompt
  • Adding portMappings to Dockerrun.aws.json with Single container configuartion
  • ssh-add does not work inside docker image
  • PHP Development Environment using Docker
  • Creating a Docker Compose for Rail App with Cassandra
  • 4 Solutions collect form web for “Dockerrun.aws.json structure for ECR Repo”

    So it turns out, the ECS agent was only able to pull images with version 1.7, and that’s where mine was falling. Updating the agent resolves my issue, and hopefully it helps someone else.

    This is most likely an issue with IAM roles if you are using a role that was previously created for Elastic Beanstalk. Ensure that the role that Elastic Beanstalk is running with has the AmazonEC2ContainerRegistryReadOnly managed policy attached

    Source: http://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_IAM_policies.html

    Support for ECR was added in version 1.7.0 of the ECS Agent.

    When using Elasticbeanstalk and ECR you don’t need to authenticate. Just make sure the user has the policy AmazonEC2ContainerRegistryReadOnly

    You can store your custom Docker images in AWS with Amazon EC2 Container Registry (Amazon ECR). When you store your Docker images in
    Amazon ECR, Elastic Beanstalk automatically authenticates to the
    Amazon ECR registry with your environment’s instance profile, so you
    don’t need to generate an authentication file and upload it to Amazon
    Simple Storage Service (Amazon S3).

    You do, however, need to provide your instances with permission to
    access the images in your Amazon ECR repository by adding permissions
    to your environment’s instance profile. You can attach the
    AmazonEC2ContainerRegistryReadOnly managed policy to the instance
    profile to provide read-only access to all Amazon ECR repositories in
    your account, or grant access to single repository by using the
    following template to create a custom policy:

    Source: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.