DEV Community

Revathi Joshi for AWS Community Builders

Posted on

6-part series - (1) Deploy a Custom Docker Image with Centos on an Apache web server and Save it to AWS ECR Repository

In this 6-part series on configuring a CI/CD pipeline using Customized Docker image on an Apache Web Server, Application Load Balancer, ECS, ECR, CodeCommit, CodeBuild, CodeDeply services -

In the 1st article, we will deploy a Custom Docker Image with Centos on an Apache web server and Save it to AWS ECR Repository.

Let’s get started!

Please visit my GitHub Repository for Docker/ECS/ECR articles on various topics being updated on constant basis.

Objectives:

1. Launch and EC2 instance, Connect (SSH) to EC2 Instance thru Putty

2. Allocating an Elastic IP to EC2 Instance

3. Create role for EC2 instance in order to be able to push the image to ECR Registry

4. Install Docker and pull latest image of Centos

5. Installing Apache web server through Dockerfile

6. Tagging and Building a Customized image

7. Create a Private Repository - my-ecr in region us-east-1, tag and push the customized Docker image to ECR

Pre-requisites:

  • AWS user account with admin access, not a root account.
  • AWS CLI.

Resources Used:

What is Amazon Elastic Container Registry?

Amazon Elastic Container Service

Steps for implementation to this project:

1. Launch an EC2 instance, Connect (SSH) to EC2 Instance thru Putty

  • Launch an EC2 instance

Go to EC2 Dashboard, Launch instance, my-ec2, Select t2.micro. NVirKey, default vpc, subnets - no preference, Auto-assign public IP - enable, Create Security group, SSH with 0.0.0.0/0, Add security group rule, HTTP, 80, 0.0.0.0/0

  • Launch instance

Image description

  • Connect (SSH) to EC2 Instance thru Putty

Image description

2. Allocating an Elastic IP to EC2 Instance

Go to EC2 Dashboard, Click Elastic IPs in the Network and Security section, Allocate Elastic IP address, default values

  • Allocate

Image description

Click on Actions and choose Associate Elastic IP address, instance - my-ec2

Image description

3. Create role for EC2 instance in order to be able to push the image to ECR Registry

  • On IAM dashboard, Policies, Create policies, delete the default text and paste this code, Next: Tags, Next: Review, ecr-policy

  • Create policy

ecr-policy

{
    "Version": "2012-10-17",
    "Id": "ecr-policy",
    "Statement": [
        {
            "Sid": "AllowAll",
            "Effect": "Allow",
            "Action": "ecr:*",
            "Resource": "*"
        }
    ]
}
Enter fullscreen mode Exit fullscreen mode

Image description

  • On IAM dashboard, Roles, Create role, Use case - EC2, Next, select ecr-policy, Next, ecr-role

  • Create role

Image description

Add Role to EC2 instance

  • Go to EC2 Dashboard, select EC2 instance, Actions, Security, Modify IAM role, choose ecr-role, Update IAM role

Image description

  • Update IAM Role

Image description

4. Install Docker and pull latest image of Centos

  • Run the following CLI commands on the EC2 instance
sudo su
yum update -y
yum install docker -y 
systemctl enable docker.service
systemctl start docker.service
systemctl status docker.service

docker pull centos:latest
docker images
Enter fullscreen mode Exit fullscreen mode

Image description

5. Installing Apache web server through Dockerfile

Creating dockerfile, index.html file

  • Run the following CLI commands on the EC2 instance
cd /opt/
mkdir docker
cd docker
Enter fullscreen mode Exit fullscreen mode
  • Create 2 files

  • 1st file - Dockerfile

  • vi dockerfile, add the following code, save the file

# defines the container where we want to run all the projects.
FROM centos:latest

# maintaining the container
MAINTAINER Joshi
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

# updating the neccessary packages
RUN yum -y update

# installing apache web server
RUN yum -y install httpd

# copying the index.html
COPY index.html /var/www/html/

# httpd service status must be ON every time.
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

# exposing port 80
EXPOSE 80
Enter fullscreen mode Exit fullscreen mode
  • 2nd file - index.html file

  • vi index.html, add the following code, save the file

<html>
    <body>
        <h1> Welcome, this is an Customized Docker image on an Apache Web server </h1>
    </body>
</html>
Enter fullscreen mode Exit fullscreen mode

Image description

6. Tagging and Building a Customized image

  • give a customized name my_apache_image to the image, build and tag
docker build -t my_apache_image .

docker images
Enter fullscreen mode Exit fullscreen mode

Image description

  • run the image as a container locally
  • include -d - to run the container in detached mode so that it runs continuously in the background
docker run -itd -p 80:80 my_apache_image
Enter fullscreen mode Exit fullscreen mode
  • Check our customized image
docker ps
Enter fullscreen mode Exit fullscreen mode

Image description

  • check the apache server, copy and paste the IP address of the EC2 Instance in the browser

Image description

7. Create a Private Repository - my-ecr in region us-east-1,tag and push the customized Docker image to ECR**

  • Create a Private Repository - my-ecr

On Amazon Elastic Container Registry, Repositories, Create repository, my-ecr

  • Create repository

Image description

Click on the created ECR Repository and click on View push commands.

  • Copy the first command to authenticate/login to the ECR

  • Run these command on the EC2 instance in the docker folder

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com
Enter fullscreen mode Exit fullscreen mode
  • Tag the container with the customized image

  • Run these command on the EC2 instance in the docker folder

docker tag my-ecr:latest <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest

docker tag my_apache_image:latest <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest
Enter fullscreen mode Exit fullscreen mode
  • Check the docker images
docker images
Enter fullscreen mode Exit fullscreen mode

Image description

  • Push the image using the docker push command

  • Run these command on the EC2 instance in the docker folder

docker push <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest
Enter fullscreen mode Exit fullscreen mode

Image description

  • Note down image URI

<YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest

Image description

What we have done so far

  • We have successfully launched an EC2 instance, installed Docker, and created a Private Elastic Container Registry (ECR) and pushed a customized image to ECR.

Top comments (1)

Collapse
 
andrewbrown profile image
Andrew Brown πŸ‡¨πŸ‡¦ • Edited

You asked for feedback so here we go:

AWS Sessions Manager

AWS Sessions Manager to connect to the instance instead of connecting through SSH, this way you don't need to manage the SSH key and you get tracking built in.

PoLP

For your policies instead of wildcarding specify the exact resource that needs the resource to practice Principle of Least Privilege (PolP)

EC2 Docker Install

There are EC2 instances that already have Docker installed and so in practice it may be better to use those because they are configured and maintained by AWS.

Instead of SSH into the server and running the commands manully put it in the User Data as a bash script.

Alternatively you can creata SSM Automation / Run Command to to install docker on the machine

Optimize the Dockerfile

You can reduce the amount of layers by grouping specific commands in.

Store Base Image in ECR

Here you are referencing the base image from docker hub.
You can hit docker limits which can fail builds so its in practice you want to
have the base image in ECR and reference that.

FROM centos:latest
Enter fullscreen mode Exit fullscreen mode

Written Documentation

All the visual steps are great, this article needs better supporting written instructions around each step.