How to create a public repository in Amazon Elastic Container Registry (ECR) using AWS CLI?

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

Today we will discuss how to create a public repository in AWS Elastic Container Registry (ECR) using
AWS CLI. We will also discuss on how to push and pull a docker image from AWS ECR public
repository using AWS CLI.

What is Elastic Container Public Registry (ECR)?

Amazon Elastic Container Public Registry is a managed AWS container image registry service that is
secure, scalable, and reliable. Amazon ECR supports public image repositories with resource-based
permissions using AWS IAM so that specific users can access your public repositories to push images.
Developers can use their preferred CLI to push and manage Docker images, Open Container Initiative
(OCI) images, and OCI compatible artifacts. Your images are publicly available to pull, either
anonymously or using an Amazon ECR Public authentication token.

Components of AWS ECR Public Registry:

Amazon ECR Public Gallery:

The Amazon ECR Public Gallery is the public portal that lists all public repositories hosted on Amazon
ECR Public. Visit the Amazon ECR Public Gallery at https://gallery.ecr.aws.com

Registry:

A public registry is provided to each AWS account; you can create public image repositories in your
public registry and store images in them.

Authorization token:

Your client must authenticate to a public registry as an AWS user before it can push images to a
public repository. For image pulls, Amazon ECR Public accepts both anonymous pulls and pulls using
an authentication token.

Repository:

An Amazon ECR image repository contains your Docker images, Open Container Initiative (OCI)
images, and OCI compatible artifacts.

Repository policy:

You can control access to your repositories and the images within them with repository policies.

Image:

You can push and pull container images to your repositories. You can use these images locally on
your development system, or you can use them in Amazon ECS task definitions and Amazon EKS pod
specifications.

Enough of theory, let us create a new public repository in AWS ECR using CLI.

How to create a public repository in Amazon Elastic Container Registry (ECR) using AWS CLI?
Prerequisites:

AWS CLI and Docker installed and configured.

Step 1: Get details on your AWS ECR public registry using AWS CLI.

## Get details on AWS ECR public registry

aws ecr-public describe-registries \
--region us-east-1

## {
##     "registries": [
##         {
##             "registryId": "<AWS_ACCOUNT_ID>",
##             "registryArn":
"arn:aws:ecr-public::<AWS_ACCOUNT_ID>:registry/<AWS_ACCOUNT_ID>",
##             "registryUri": "public.ecr.aws/p4j8n4a3",
##             "verified": false,
##             "aliases": [
##                 {
##                     "name": "p4j8n4a3",
##                     "status": "ACTIVE",
##                     "primaryRegistryAlias": true,
##                     "defaultRegistryAlias": true
##                 }
##             ]
##         }
##     ]
## }

Note: When you create a new AWS account, AWS automatically assigns a public registry in “us-east-
1” region of your ECR service.

Step 2: Set a display name for your ECR public registry.

## Set a display name for ECR public registry

aws ecr-public put-registry-catalog-data \
--display-name "cloudaffaire" \
--region us-east-1

## Check if display name was set properly

aws ecr-public get-registry-catalog-data \
--region us-east-1

## {
##     "registryCatalogData": {
##         "displayName": "cloudaffaire"
##     }
## }
Note: This display name will be visible to the public in AWS public image gallery

Step 3: Create a new public repository in AWS ECR using AWS CLI.

## Get a logo for your public ECR repository (optional)

wget --no-check-certificate https://avatars.githubusercontent.com/u/78044749?
v=4 -O logo.png

## Create public repository configuration file

cat << EOF > public_ecr_repo.json
{
    "description": "This is a test public ECR repository",
    "architectures": [
        "x86"
    ],
    "operatingSystems": [
        "Linux"
    ],
    "logoImageBlob": "$(cat logo.png |base64 -w 0)",
    "aboutText": "This repository is created for demo purpose",
    "usageText": "This repository is not for public use."
}
EOF

## Create a public repository in ECR

aws ecr-public create-repository \
--repository-name my_public_repo \
--catalog-data file://public_ecr_repo.json \
--region us-east-1

## {
##     "repository": {
##         "repositoryArn":
"arn:aws:ecr-public::<AWS_ACCOUNT_ID>:repository/my_public_repo",
##         "registryId": "<AWS_ACCOUNT_ID>",
##         "repositoryName": "my_public_repo",
##         "repositoryUri": "public.ecr.aws/p4j8n4a3/my_public_repo",
##         "createdAt": "2022-03-07T10:58:31.608000+00:00"
##     },
##     "catalogData": {
##         "description": "This is a test public ECR repository",
##         "architectures": [
##             "x86"
##         ],
##         "operatingSystems": [
##             "Linux"
##         ],
##         "logoUrl":
"https://<some_junk>.cloudfront.net/logo/<some_junk>.png",
##         "aboutText": "This repository is created for demo purpose",
##         "usageText": "This repository is not for public use."
##     }
## }

You can also create a new public ECR repository from AWS management console.

Step 4: Get details on AWS ECR public repository using AWS CLI.

## Get ecr public repository details

aws ecr-public describe-repositories \
--region us-east-1

## {
##     "repositories": [
##         {
##             "repositoryArn": "arn:aws:ecr-
public::<AWS_ACCOUNT_ID>:repository/my_public_repo",
##             "registryId": "<AWS_ACCOUNT_ID>",
##             "repositoryName": "my_public_repo",
##             "repositoryUri": "public.ecr.aws/p4j8n4a3/my_public_repo",
##             "createdAt": "2022-03-07T10:58:31.608000+00:00"
##         }
##     ]
## }

## Get ecr public repository catalog data

aws ecr-public get-repository-catalog-data \
--repository-name my_public_repo \
--region us-east-1
## {
##     "catalogData": {
##         "description": "This is a test public ECR repository",
##         "architectures": [
##             "x86"
##         ],
##         "operatingSystems": [
##             "Linux"
##         ],
##         "logoUrl":
"https://<some_junk>.cloudfront.net/logo/<some_junk>.png",
##         "aboutText": "This repository is created for demo purpose",
##         "usageText": "This repository is not for public use."
##     }
## }

Next, we will create a docker image in our local system and authenticate, tag and push the docker
image to AWS ECR public repository.

Step 5: Create a new docker image and push the image to AWS ECR public repository.

## Create a Dockerfile
cat << EOF > Dockerfile
FROM ubuntu:18.04

# Install dependencies
RUN apt-get update && \
 apt-get -y install apache2

# Install apache and write hello world message

RUN echo 'Hello World!' > /var/www/html/index.html

# Configure apache
RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \
 echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \
 echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \
 echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \
 chmod 755 /root/run_apache.sh

EXPOSE 80

CMD /root/run_apache.sh
EOF

## Create a docker image

docker build -t myimage .
## Check if the docker image was created successfully
docker images --filter reference=myimage

## Authenticate yourself to the AWS ECR public registry

aws ecr-public get-login-password \
--region us-east-1 | docker login \
--username AWS --password-stdin public.ecr.aws

## Get ecr repository url

URL=$(aws ecr-public describe-repositories \
--region us-east-1 | jq -r .repositories[].repositoryUri ) && echo $URL

## returns public.ecr.aws/p4j8n4a3/my_public_repo

## TAG you docker image form ECR public repository

docker tag myimage:latest $URL

## PUSH a docker image from a private ECR repository

docker push $URL

## PULL a docker image from a private ECR repository

## docker pull $URL:latest

Step 6: Get details on the public image in your ECR repository.

## Get metadata about the images in a repository

aws ecr-public describe-images \
--repository-name my_public_repo \
--image-ids imageTag=latest \
--region us-east-1

## {
##     "imageDetails": [
##         {
##             "registryId": "<AWS_ACCOUNT_ID>",
##             "repositoryName": "my_public_repo",
##             "imageDigest": "sha256:<some_junk>",
##             "imageTags": [
##                 "latest"
##             ],
##             "imageSizeInBytes": 86243237,
##             "imagePushedAt": "2022-03-08T13:51:37+00:00",
##             "imageManifestMediaType":
"application/vnd.docker.distribution.manifest.v2+json"
##         }
##     ]
## }
You can also view your public images in AWS public image gallery.

Step 7: Clean up.

## Delete the image

aws ecr-public batch-delete-image \
--repository-name my_public_repo \
--image-ids imageTag=latest \
--region us-east-1

## Delete the public repository

aws ecr-public delete-repository \
--repository-name my_public_repo \
--force \
--region us-east-1

Hope you have enjoyed this article, to get more details on AWS ECR, please follow below link.

https://docs.aws.amazon.com/ecr/index.html