Build and Push Docker Image to Amazon ECR Using Terraform | Step by Step
Docker makes it easy to create, deploy, and run applications in containers, while Amazon ECR (Elastic Container Registry) provides a secure, scalable registry for Docker images. By combining Docker, AWS ECR, and Terraform, you can automate the entire process of building and pushing Docker images, ensuring a smooth, reproducible workflow for your DevOps pipeline.
Prerequisites
Before you begin, make sure you have the following tools installed and configured:
- Docker: Installed on your local machine.
- Terraform: Installed and configured.
- AWS CLI: Installed and authenticated with the right permissions to access ECR.
- Basic knowledge of Docker, Terraform, and AWS.
Step 1: Create a Dockerfile in the App Folder
First, create a directory for your application and add Dockerfile to it.
mkdir app && touch app/DockerfileAdd the following content to your Dockerfile:
FROM jupyter/base-notebook:x86_64-ubuntu-22.04
WORKDIR /app
COPY requirements.txt /app
RUN pip install -r requirements.txt
EXPOSE 80This Dockerfile creates a Jupyter Notebook container and installs the dependencies from a requirements.txt file.
Step 2: Set Up Terraform Providers for AWS and Docker
In your Terraform configuration file provider.tf set up the necessary providers for AWS and Docker
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}
data "aws_ecr_authorization_token" "token" {}
provider "docker" {
host = "unix:///Users/<Your_User_Name>/.docker/run/docker.sock" # MacOS path
registry_auth {
address = data.aws_ecr_authorization_token.token.proxy_endpoint
username = data.aws_ecr_authorization_token.token.user_name
password = data.aws_ecr_authorization_token.token.password
}
}
provider "aws" {
region = "us-east-1"
}Notes
- Replace
<Your_User_Name>with your machine's username. This is required for the path to your local Docker socket. - If you’re using Ubuntu, change the host to:
host = "unix:///var/run/docker.sock"host is a local docker installed path, it is required because Terraform builds the docker image first locally and then deploys it to ECR
The aws_ecr_authorization_token data source automatically validates your AWS credentials and connects your local Docker provider with AWS ECR.
Step 3: Create the ECR Repository
Define the AWS ECR repository in your Terraform configuration file like ecr.tf. This repository will store your Docker images.
resource "aws_ecr_repository" "jupyter_ecr_repository" {
name = "jupyter-notebook"
image_tag_mutability = "MUTABLE"
image_scanning_configuration {
scan_on_push = true
}
}You can modify the repository settings based on your requirements (e.g., enabling image scanning on push, setting immutability, etc.).
Step 4: Build the Docker Image Using Terraform
Now, define the docker_image resource in Terraform to build your Docker image.
resource "docker_image" "jupyter_app_image" {
name = "jupyter-notebook-image"
build {
context = "./app/" # Path to Dockerfile
tag = ["${aws_ecr_repository.jupyter_ecr_repository.repository_url}:v1"]
}
}- The context attribute refers to the location of your
Dockerfile. - The tag attribute specifies the image tag (e.g.,
v1).
Step 5: Push the Docker Image to ECR
Finally, use the docker_registry_image resource to push your built image to ECR.
resource "docker_registry_image" "jupyter_push_image" {
name = "${aws_ecr_repository.jupyter_ecr_repository.repository_url}:v1"
depends_on = [docker_image.jupyter_app_image]
}- This resource takes the Docker image that was built locally and pushes it to the ECR repository you created earlier.
v1is image tag
Conclusion
In this tutorial, we have successfully walked through the process of building and pushing a Docker image to Amazon ECR using Terraform. By leveraging Terraform to automate infrastructure management, you ensure a consistent, repeatable, and error-free workflow for your Docker-based applications.
