This is a 6-part series on configuring a CI/CD pipeline using a customized Docker image on an Apache web server, with Application Load Balancer, ECS, ECR, CodeCommit, CodeBuild, and CodeDeploy services.
In the 1st article, we will deploy a custom Docker image with CentOS on an Apache web server and save it to an AWS ECR repository.
Let's get started!
Please visit my GitHub Repository for Docker/ECS/ECR articles on various topics, which is updated on a constant basis.
Objectives:
1. Launch an EC2 instance, Connect (SSH) to EC2 Instance thru Putty
2. Allocating an Elastic IP to EC2 Instance
3. Create role for EC2 instance in order to be able to push the image to ECR Registry
4. Install Docker and pull latest image of Centos
5. Installing Apache web server through Dockerfile
6. Tagging and Building a Customized image
7. Create a Private Repository - my-ecr in region us-east-1, tag and push the customized Docker image to ECR
Pre-requisites:
- AWS user account with admin access, not a root account.
- AWS CLI.
Resources Used:
What is Amazon Elastic Container Registry?
Amazon Elastic Container Service
Steps for implementation to this project:
1. Launch an EC2 instance, Connect (SSH) to EC2 Instance thru Putty
- Launch an EC2 instance
Go to EC2 Dashboard, Launch instance, my-ec2, Select t2.micro. NVirKey, default vpc, subnets - no preference, Auto-assign public IP - enable, Create Security group, SSH with 0.0.0.0/0, Add security group rule, HTTP, 80, 0.0.0.0/0
- Launch instance
- Connect (SSH) to EC2 Instance thru Putty
2. Allocating an Elastic IP to EC2 Instance
Go to EC2 Dashboard, Click Elastic IPs in the Network and Security section, Allocate Elastic IP address, default values
- Allocate
Click on Actions and choose Associate Elastic IP address, instance - my-ec2
3. Create role for EC2 instance in order to be able to push the image to ECR Registry
On IAM dashboard, Policies, Create policies, delete the default text and paste this code, Next: Tags, Next: Review, ecr-policy
Create policy
ecr-policy
{
  "Version": "2012-10-17",
  "Id": "ecr-policy",
  "Statement": [
    {
      "Sid": "AllowAll",
      "Effect": "Allow",
      "Action": "ecr:*",
      "Resource": "*"
    }
  ]
}
On IAM dashboard, Roles, Create role, Use case - EC2, Next, select ecr-policy, Next, ecr-role
Create role
Add Role to EC2 instance
Go to EC2 Dashboard, select EC2 instance, Actions, Security, Modify IAM role, choose ecr-role, Update IAM role
- Update IAM Role
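The ecr-policy above allows every ECR action on every repository in the account. The script below is an added example, not the article's own code: it emits a policy limited to logging in and pushing to one repository, and includes a small check that flags wildcard actions. The function names are hypothetical and 123456789012 is a constructed account ID; my-ecr and us-east-1 are the names used in this article.

```shell
# Added example (not from the article): a push-only policy for one repository.
# Function names are hypothetical; 123456789012 is a constructed account ID.

# ecr_push_policy ACCOUNT_ID REGION REPO -> policy JSON on stdout
ecr_push_policy() {
  # Validate inputs so an argument can never inject extra JSON.
  case "$1" in *[!0-9]*|'') echo "bad account id" >&2; return 1;; esac
  [ "${#1}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
  case "$2" in *[!a-z0-9-]*|'') echo "bad region" >&2; return 1;; esac
  case "$3" in *[!a-z0-9._/-]*|'') echo "bad repository name" >&2; return 1;; esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetLoginToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToOneRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "arn:aws:ecr:${2}:${1}:repository/${3}"
    }
  ]
}
EOF
}

# has_wildcard_action FILE -> exit 0 if FILE grants "*" or a service-wide "svc:*"
has_wildcard_action() {
  grep -Eq '"Action"[[:space:]]*:[[:space:]]*"\*"|"[a-z0-9-]+:\*"' "$1"
}

# Print the scoped policy for the article's repository and region.
ecr_push_policy 123456789012 us-east-1 my-ecr
```

ecr:GetAuthorizationToken does not support resource-level permissions, which is why that one statement keeps "Resource": "*". The output can be pasted into the policy editor in place of the wildcard document.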
4. Install Docker and pull latest image of Centos
- Run the following CLI commands on the EC2 instance
sudo su
yum update -y
yum install docker -y
systemctl enable docker.service
systemctl start docker.service
systemctl status docker.service
docker pull centos:latest
docker images
5. Installing Apache web server through Dockerfile
Creating dockerfile, index.html file
- Run the following CLI commands on the EC2 instance
cd /opt/
mkdir docker
cd docker
Create 2 files
1st file - Dockerfile
vi Dockerfile, add the following code, save the file
# base image the container is built from
FROM centos:latest
# image maintainer (LABEL replaces the deprecated MAINTAINER instruction)
LABEL maintainer="Joshi"
# centos:latest is end-of-life, so point yum at the vault.centos.org archive
# (the original "RUN cd /etc/yum.repos.d/" is dropped: a cd does not persist between RUN steps)
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# updating the necessary packages
RUN yum -y update
# installing apache web server
RUN yum -y install httpd
# copying the index.html
COPY index.html /var/www/html/
# run httpd in the foreground so the container keeps running
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
# exposing port 80
EXPOSE 80
2nd file - index.html file
vi index.html, add the following code, save the file
<html>
<body>
<h1> Welcome, this is a Customized Docker image on an Apache Web server </h1>
</body>
</html>
6. Tagging and Building a Customized image
- give a customized name my_apache_image to the image, build and tag
docker build -t my_apache_image .
docker images
- run the image as a container locally
- include -d - to run the container in detached mode so that it runs continuously in the background
docker run -itd -p 80:80 my_apache_image
- Check our customized image
docker ps
- check the apache server, copy and paste the IP address of the EC2 Instance in the browser
7. Create a Private Repository - my-ecr in region us-east-1, tag and push the customized Docker image to ECR
- Create a Private Repository - my-ecr
On Amazon Elastic Container Registry, Repositories, Create repository, my-ecr
- Create repository
Click on the created ECR Repository and click on View push commands.
Copy the first command to authenticate/login to the ECR
Run this command on the EC2 instance in the docker folder
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com
Tag the customized image for the repository. The push commands shown in the console assume the local image is named my-ecr; the image built in step 6 is my_apache_image, so tag that one.
Run this command on the EC2 instance in the docker folder
docker tag my_apache_image:latest <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest
- Check the docker images
docker images
Push the image using the docker push command
Run this command on the EC2 instance in the docker folder
docker push <YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest
- Note down image URI
<YOUR ACCOUNT NUMBER>.dkr.ecr.us-east-1.amazonaws.com/my-ecr:latest
What we have done so far
- We have successfully launched an EC2 instance, installed Docker, and created a Private Elastic Container Registry (ECR) and pushed a customized image to ECR.
Top comments (1)
You asked for feedback so here we go:
AWS Sessions Manager
AWS Sessions Manager to connect to the instance instead of connecting through SSH, this way you don't need to manage the SSH key and you get tracking built in.
PoLP
For your policies, instead of wildcarding, specify the exact resource that needs the resource to practice the Principle of Least Privilege (PoLP).
EC2 Docker Install
There are EC2 instances that already have Docker installed and so in practice it may be better to use those because they are configured and maintained by AWS.
Instead of SSH into the server and running the commands manually, put it in the User Data as a bash script.
Alternatively you can create a SSM Automation / Run Command to install docker on the machine.
Optimize the Dockerfile
You can reduce the amount of layers by grouping specific commands in.
Store Base Image in ECR
Here you are referencing the base image from docker hub.
You can hit docker limits which can fail builds, so in practice you want to have the base image in ECR and reference that.
Written Documentation
All the visual steps are great, this article needs better supporting written instructions around each step.