How to Push a Docker Image to the AWS ECR

Push the image to ECR

1. Create the AWS ECR repository

In the AWS console go to the AWS ECR page. Click the “Create repository” button.

AWS ECR list all repositories page

Then chouse visibility of your repository. I leave it as “private”, so it will be managed by IAM and repository policy permissions and won't be accessible to the public. Then fill up the name and click Create a repository on the bottom of the page.

Create AWS ECR repository form

An empty repository has been created!

The newly created AWS ECR repository

2. Prepare the image to be pushed.

In this example, I will push the image of a simple Node.js app that listens on port 8080 and displays its host/container name. The source code you can check here. The root directory has a Dockerfile. We will use it to build an image. Before pushing the image to the repository we need to tag it with the repository URL. In the root directory in the terminal run commands:

# Command to build an image
$docker image build -t <IMAGE_NAME>:<IMAGE_TAG> .

# Command example with my image
$docker image build -t simple-app-image .

# Command to tag an image
$docker image tag <IMAGE_NAME>:<IMAGE_TAG>  <REPOSITORY_URI>:<IMAGE_TAG>

# Command example with my image and repository
$docker image tag simple-app-image:latest  708995052028.dkr.ecr.us-east-2.amazonaws.com/ecr-tutorial-image:latest

The command to tag an image

The result will be like this:

Result of commands execution

3. Authenticate the Docker CLI to your AWS ECR

Now we need to authenticate the Docker CLI to AWS ECR.

# Command
$aws ecr get-login-password --region <REPOSITORY_REGION> | docker login --username AWS --password-stdin <REPOSITORY_URI>

# Command example with my region and repository
$aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 708995052028.dkr.ecr.us-east-2.amazonaws.com

The login command

For this command to execute successfully you have to have your AWS credentials stored in the credentials file and your IAM principal has to have the necessary permission. Make sure you use the right region, as it is a common mistake.

The result of the executed login command

This command retrieves an authentication token using the GetAuthorizationToken API and then redirects it using the pipe (|) to the login command of the container client, the Docker CLI in my case. The authorization token is valid for 12 hours.

4. Push the image to AWS ECR

To push the image to the AWS ECR we will execute the following command:

# Command
$docker image push <IMAGE_NAME[:TAG]>

# example with my image
$docker image push 708995052028.dkr.ecr.us-east-2.amazonaws.com/ecr-tutorial-image:latest

The push image command

As you can see, to push the image I've used the tag created in step 2 of this tutorial.

The result of the executed push image command

Now the image is in my repository created in step 1.

The image in the repository

Summary

This tutorial shows how in easy steps we can push any image to the AWS ECR repository. Thank you for reading! If you have any questions or suggestions, please feel free to write me on my LinkedIn account.