Amazon ECR(Amazon Elastic Container Registry)
: Amazon Elastic Container Registry(ECR)는 완전관리형 컨테이너 레지스트리로, 이미지와 아티팩트를 어디서나 쉽게 보관, 관리, 공유 및 배포하도록 지원합니다.
요금(프라이빗 리포지토리)
- inbound - 무료
- outbound - 목적지에 따라 비용이 결정
- 동일 리전(region)
- 동일 AZ(EC2 등) - 무료
- 다른 AZ - GB당 0.01 USD
- 지역 서비스(regional)의 Endpoint(SNS, S3, ECR 등)으로 직접 전송 - 무료
- 다른 리전(region) - GB당 0.08 USD
- 인터넷(아래 표 참고-프라이빗 리포지토리에서 전송된 데이터)
- 동일 리전(region)
ECR 리포지토리
Amazon ECR > 리포지토리 > 리포지토리 생성
nginx 리포지토리 생성
- URL : 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx
Amazon ECR > 리포지토리 > nginx
nginx 리포지토리
awscli 명령
$ aws --version
aws-cli/2.8.12 Python/3.9.11 Linux/5.15.0-1019-aws exe/x86_64.ubuntu.22 prompt/off
$ aws sts get-caller-identity
{
"Account": "4Account",
"UserId": "AIDAUserId",
"Arn": "arn:aws:iam::4Account:user/username01@gmail.com"
}
docker 클라이언트 인증
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com
$ aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com
WARNING! Your password will be stored unencrypted in /home/vagrant/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
도커 이미지 빌드
docker build -t nginx .
도커 이미지에 태그 지정
docker tag nginx:latest 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
AWS 리포지토리로 푸시(docker push)
docker push 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
$ docker push 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
The push refers to repository [4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx]
c72d75f45e5b: Pushed
9a0ef04f57f5: Pushed
d13aea24d2cb: Pushed
2b3eec357807: Pushed
2dadbc36c170: Pushed
8a70d251b653: Pushed
latest: digest: sha256:9a821cadb1b13cb782ec66445325045b2213459008a41c72d8d87cde94b33c8c size: 1570
- 이미지 URL : 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
nginx 도커 이미지 풀(docker pull)
$ docker images --filter=reference="nginx:latest"
REPOSITORY TAG IMAGE ID CREATED SIZE
docker pull 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
$ docker pull 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
latest: Pulling from nginx
3f4ca61aafcd: Pull complete
50c68654b16f: Pull complete
3ed295c083ec: Pull complete
40b838968eea: Pull complete
88d3ab68332d: Pull complete
5f63362a3fa3: Pull complete
Digest: sha256:9a821cadb1b13cb782ec66445325045b2213459008a41c72d8d87cde94b33c8c
Status: Downloaded newer image for 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
docker images --filter=reference="4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest"
$ docker images --filter=reference="4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest"
REPOSITORY TAG IMAGE ID CREATED SIZE
4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx latest 1403e55ab369 6 days ago 142MB
nginx 컨테이너 실행
docker run -d --rm -p 8080:80 --name nginx 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
$ docker run -d --rm -p 8080:80 --name nginx 4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/nginx:latest
1ee36de7171fc3b4fce2a6aa8cd99e7982328fa029dcdbed83a522082111eab9
$ curl localhost:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
ECR 권한
IAM > 역할
EC2 역할(AmazonEC2RoleforSSM)에 AmazonEC2ContainerRegistryFullAccess 권한 부여
정책 필터 : AmazonEC2ContainerRegistry
awscli로 리포지토리(Repositories) 생성
hello-repository 리포지토리 생성
aws ecr create-repository \
--repository-name hello-repository \
--image-scanning-configuration scanOnPush=true \
--region us-east-1
$ aws ecr create-repository \
> --repository-name hello-repository \
> --image-scanning-configuration scanOnPush=true \
> --region us-east-1
{
"repository": {
"repositoryArn": "arn:aws:ecr:us-east-1:4XXXXXXXXXX1:repository/hello-repository",
"registryId": "4XXXXXXXXXX1",
"repositoryName": "hello-repository",
"repositoryUri": "4XXXXXXXXXX1.dkr.ecr.us-east-1.amazonaws.com/hello-repository",
"createdAt": "2022-12-28T10:37:36+09:00",
"imageTagMutability": "MUTABLE",
"imageScanningConfiguration": {
"scanOnPush": true
},
"encryptionConfiguration": {
"encryptionType": "AES256"
}
}
}
참고URL
- AWS CLI에서 Amazon ECR 사용 : https://docs.aws.amazon.com/ko_kr/AmazonECR/latest/userguide/getting-started-cli.html
- Amazon ECR : https://docs.aws.amazon.com/ko_kr/AmazonECR/latest/userguide/what-is-ecr.html
- Amazon Elastic Container Registry 요금 : https://aws.amazon.com/ko/ecr/pricing
- dockerhub 비용 : https://www.docker.com/pricing/
- AWS 데이터 전송비용 정리 : https://ltlkodae.tistory.com/m/27
- aws ecr describe-registry https://docs.aws.amazon.com/cli/latest/reference/ecr/describe-registry.html
- aws ecr describe-images https://docs.aws.amazon.com/cli/latest/reference/ecr/describe-images.html
'퍼블릭 클라우드' 카테고리의 다른 글
Amazon Route 53(cli53) 명령어 도구 (0) | 2023.01.04 |
---|---|
AWS CodeDeploy 에이전트 설치(codedeploy-agent install) (0) | 2023.01.03 |
Packer를 사용하여 AWS 이미지를 빌드할 때 AWS 자격 증명을 제공하는 방법 (0) | 2022.12.22 |
AWS CLI를 사용하여 AMI 등록을 취소하고 EBS 스냅샷을 삭제하는 방법 (0) | 2022.12.22 |
[draft] EC2 인스턴스에 Java를 설치하는 방법 (0) | 2022.12.21 |