Open in app

Sign up

Sign in

Write

Sign up

Sign in

How to push Docker Images to Amazon ECR with Bitbucket Pipeline

Thomas Strohmeier
byte\schneiderei
Published in
2 min readOct 31, 2017

--

I had the need to automatically build and push a docker image to the Amazon AWS ECR out of an Bitbucket Pipeline.

In AWS IAM you can create a user and give him read an write permissions to your ECR Registry. The IAM provides you a access key and a secret key.

First I tried to use this two keys as user and password in the guide provided by Atlassian:

- docker login -u $DOCKER_USER -p $DOCKER_PASSWORD

Source: https://confluence.atlassian.com/bitbucket/build-and-push-a-docker-image-to-a-container-registry-884351903.html

This didn’t worked out. Also AWSLabs propose a solution with DockerHub: https://bitbucket.org/awslabs/amazon-ecs-bitbucket-pipelines-python/src

In a Atlassian Forum a user suggested to use the awscli to get a token and use the received one to login with docker login. (Link)

After trying to solve the login issue with the token, I found out that there is a simpler solution. You only have to run the awscli ecr login command and push your images to Amazon’s ECR.

This is my final working version:

First you have to create a user in AWS IAM. For this user I have allowed the following actions:

"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"

For this user you can create the access key and the secret key which you will need in the next step.

Next you have to define following environment variables in the Bitbucket Pipeline settings:

  • AWS_DEFAULT_REGION
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY [check “Secured” here]
  • AWS_REGISTRY_URL

Environment variables have the highest priority for the aws-cli and, as Charton Sapinoso mentioned below, aws-cli will pick them up, when these are defined. For more details please read the documentation: AWS Documentation

Finally you can use the following snippet in your pipeline to push the image:

To speed up the pipeline process, I created a docker image (tstrohmeier/awscli) where the awscli is already installed.

PS: If you have an idea how to improve this setup, I would be happy If you leave a comment ;)

Update: I also wrote a “How To” on how to automatically deploy a service to a ECS cluster:

How to setup a continuous deployment from Bitbucket Pipeline to Amazon ECS

I explain my solution for automatically deploying docker images to an Amazon ECS Cluster

blog.byteschneiderei.com

Docker
AWS
Bitbucket
Pipeline
Ecr

--

--

Thomas Strohmeier
byte\schneiderei
Follow

Written by Thomas Strohmeier

91 Followers

Entrepreneur | Student @ TU Graz | Software Engineer | DevOps | love learning & teaching | business software | privacy | https://byteschneiderei.com

Follow

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams