1
00:00:00,400 --> 00:00:03,230
‫One thing that can come up in Amazon ECR is how

2
00:00:03,230 --> 00:00:07,170
‫to use the CLI to pull and push images to Amazon ECR.

3
00:00:07,170 --> 00:00:09,850
‫So first, there is a login command

4
00:00:09,850 --> 00:00:12,170
‫and this login command is going to give you

5
00:00:12,170 --> 00:00:15,630
‫docker credentials for your docker CLI.

6
00:00:15,630 --> 00:00:18,580
‫So the idea is that you use the AWS ECR

7
00:00:18,580 --> 00:00:21,330
‫get login password command line in the face

8
00:00:21,330 --> 00:00:22,970
‫and I will demo it to you.

9
00:00:22,970 --> 00:00:25,690
‫And then you pass the output of that command

10
00:00:25,690 --> 00:00:28,160
‫into a docker login command,

11
00:00:28,160 --> 00:00:29,820
‫which is going to allow docker,

12
00:00:29,820 --> 00:00:32,540
‫your docker CLI on your computer to connect

13
00:00:32,540 --> 00:00:35,920
‫to your private repository on AWS.

14
00:00:35,920 --> 00:00:37,450
‫And once you have done that,

15
00:00:37,450 --> 00:00:39,730
‫then you can run some basic docker commands

16
00:00:39,730 --> 00:00:41,710
‫to pull and push images.

17
00:00:41,710 --> 00:00:44,170
‫So to push an image, we just do docker push

18
00:00:44,170 --> 00:00:48,550
‫and we specify the account ID and the region of Amazon AWS

19
00:00:48,550 --> 00:00:49,890
‫as well as your image name.

20
00:00:49,890 --> 00:00:53,365
‫And to do a pull well is the same with docker pull.

21
00:00:53,365 --> 00:00:57,370
‫And if you cannot push or pull a docker image,

22
00:00:57,370 --> 00:00:59,510
‫then that means that you don't have the right

23
00:00:59,510 --> 00:01:00,850
‫IM permissions.

24
00:01:00,850 --> 00:01:02,320
‫Now let me demo these cammands to you

25
00:01:02,320 --> 00:01:05,090
‫so you understand what I'm talking about.

26
00:01:05,090 --> 00:01:07,440
‫So in our test definition from before we were

27
00:01:07,440 --> 00:01:09,670
‫running a image, okay

28
00:01:09,670 --> 00:01:14,040
‫and this image was called nginexdemos/hello.

29
00:01:14,040 --> 00:01:18,110
‫And to type this, you're going to land on hub.docker.com.

30
00:01:18,110 --> 00:01:21,290
‫And so this is why when we downloaded this image

31
00:01:21,290 --> 00:01:25,760
‫it was directly ending a up on ECS through this docker hub.

32
00:01:25,760 --> 00:01:28,080
‫So actually our EC2 instance was pulling an

33
00:01:28,080 --> 00:01:30,080
‫image from the docker hub.

34
00:01:30,080 --> 00:01:31,040
‫But say we wanted to

35
00:01:31,040 --> 00:01:36,040
‫host that image for reasons onto our private ECR repository.

36
00:01:36,410 --> 00:01:38,850
‫Therefore we would go into Amazon ECR

37
00:01:38,850 --> 00:01:42,160
‫and then we would create a private repository.

38
00:01:42,160 --> 00:01:43,890
‫And then we would name it something,

39
00:01:43,890 --> 00:01:46,583
‫for example, demostephane.

40
00:01:49,470 --> 00:01:54,470
‫Okay, next you can see different options for Amazon ECR.

41
00:01:54,980 --> 00:01:56,310
‫For example tag immutability

42
00:01:56,310 --> 00:01:59,230
‫that prevents you to push the same tag twice,

43
00:01:59,230 --> 00:02:01,700
‫or image scan to scan your images on push

44
00:02:01,700 --> 00:02:06,320
‫to make sure they don't have any kind of security issues.

45
00:02:06,320 --> 00:02:08,750
‫Although there is a deprecation of this feature,

46
00:02:08,750 --> 00:02:11,110
‫and it's better to use registry level scan filters

47
00:02:11,110 --> 00:02:13,140
‫which is called Amazon Inspector.

48
00:02:13,140 --> 00:02:15,320
‫And finally, whether or not you want to encrypt

49
00:02:15,320 --> 00:02:17,840
‫your Amazon ECR repository with KMS.

50
00:02:17,840 --> 00:02:19,270
‫But I will just leave everything disabled

51
00:02:19,270 --> 00:02:22,068
‫and I will go ahead and create my repository.

52
00:02:22,068 --> 00:02:24,840
‫So you can see we have public and private repositories.

53
00:02:24,840 --> 00:02:26,970
‫And the difference is that public repos

54
00:02:26,970 --> 00:02:29,970
‫are going to allow anyone to pull our images.

55
00:02:29,970 --> 00:02:32,380
‫Whereas private repos allow just us

56
00:02:32,380 --> 00:02:36,370
‫with the right IM permissions to pull some images.

57
00:02:36,370 --> 00:02:37,840
‫Okay so here we go.

58
00:02:37,840 --> 00:02:39,770
‫We're going to click on this repo

59
00:02:39,770 --> 00:02:42,460
‫and as we can see, we have 0 images.

60
00:02:42,460 --> 00:02:44,030
‫So you can click on push commands

61
00:02:44,030 --> 00:02:45,580
‫and these commands are going to be different

62
00:02:45,580 --> 00:02:49,460
‫if you have Mac or Linux or Windows.

63
00:02:49,460 --> 00:02:52,010
‫And so we're going to use the one for Mac and Linux,

64
00:02:52,010 --> 00:02:53,330
‫but again, if you're on Windows

65
00:02:53,330 --> 00:02:56,630
‫and you want to follow along, then just use these comments.

66
00:02:56,630 --> 00:02:57,463
‫Okay?

67
00:02:58,320 --> 00:02:59,830
‫So the first thing to check is

68
00:02:59,830 --> 00:03:02,730
‫whether or not docker is enabled and running,

69
00:03:02,730 --> 00:03:04,490
‫and you need to have docker running

70
00:03:04,490 --> 00:03:05,930
‫on your computer and installed.

71
00:03:05,930 --> 00:03:07,530
‫And I won't show you how to do this, but for me

72
00:03:07,530 --> 00:03:08,830
‫it is running right now.

73
00:03:08,830 --> 00:03:09,850
‫And if I do docker version

74
00:03:09,850 --> 00:03:11,713
‫I have a recent version of docker.

75
00:03:13,040 --> 00:03:15,150
‫Next thing to set up, obviously your CLI

76
00:03:15,150 --> 00:03:17,503
‫and then you will be able to run this command.

77
00:03:18,340 --> 00:03:21,733
‫So let's copy this command and I'm going to paste it in.

78
00:03:24,170 --> 00:03:26,270
‫And then it says, login succeeded.

79
00:03:26,270 --> 00:03:29,230
‫So if I did this command only on its own, okay.

80
00:03:29,230 --> 00:03:30,853
‫If I did this get login password,

81
00:03:30,853 --> 00:03:32,264
‫it's going to give me a password

82
00:03:32,264 --> 00:03:33,790
‫that's going to be used

83
00:03:33,790 --> 00:03:37,920
‫by my docker login command with the username AWS.

84
00:03:37,920 --> 00:03:40,260
‫And so therefore this password is going to get

85
00:03:40,260 --> 00:03:44,170
‫passed all the way into this command right here.

86
00:03:44,170 --> 00:03:46,430
‫So I'm logged in and this is good.

87
00:03:46,430 --> 00:03:50,520
‫And next, what I need to do is to build tag and push images.

88
00:03:50,520 --> 00:03:52,000
‫So we don't have anything to build,

89
00:03:52,000 --> 00:03:54,710
‫but what I'm going to do is pull this image

90
00:03:54,710 --> 00:03:56,370
‫and then rename it.

91
00:03:56,370 --> 00:03:58,870
‫So I'm going to do docker pull as well

92
00:03:58,870 --> 00:04:00,858
‫as the nginexdemos/hello.

93
00:04:00,858 --> 00:04:02,860
‫And it's going to pull the image for me.

94
00:04:02,860 --> 00:04:03,693
‫So I already pulled it,

95
00:04:03,693 --> 00:04:06,500
‫but for you it would go into a download.

96
00:04:06,500 --> 00:04:10,270
‫And then you need to do what's called a docker tag command.

97
00:04:10,270 --> 00:04:11,510
‫So you do docker tag

98
00:04:11,510 --> 00:04:12,770
‫you paste this command,

99
00:04:12,770 --> 00:04:14,040
‫you paste it in.

100
00:04:14,040 --> 00:04:16,360
‫And so the first thing we're going to change.

101
00:04:16,360 --> 00:04:20,710
‫So we're going to actually rename the first one.

102
00:04:20,710 --> 00:04:23,870
‫So the first bits, and we're going to do docker tag

103
00:04:23,870 --> 00:04:27,880
‫and we paste in nginexdemo/hello latest

104
00:04:29,050 --> 00:04:32,870
‫into, well this thing, which is my repository name,

105
00:04:32,870 --> 00:04:33,703
‫my image name

106
00:04:33,703 --> 00:04:34,960
‫as well as my tag.

107
00:04:34,960 --> 00:04:36,250
‫So lets press enter.

108
00:04:36,250 --> 00:04:38,590
‫And that means that this image right here

109
00:04:38,590 --> 00:04:41,350
‫has been also renamed to be like this.

110
00:04:41,350 --> 00:04:43,893
‫Why? Well, because if you do docker push.

111
00:04:45,890 --> 00:04:47,910
‫And then you paste in this whole image

112
00:04:48,910 --> 00:04:50,620
‫then docker is smart enough to know

113
00:04:50,620 --> 00:04:54,830
‫that it should be pushing into our Amazon ECR repository.

114
00:04:54,830 --> 00:04:55,663
‫So let's try it out.

115
00:04:55,663 --> 00:04:56,880
‫Let's press enter.

116
00:04:56,880 --> 00:04:58,810
‫And as you can see, the image is being pushed.

117
00:04:58,810 --> 00:05:00,677
‫And so it pushes data into AWS.

118
00:05:01,530 --> 00:05:02,940
‫And now this is done.

119
00:05:02,940 --> 00:05:04,550
‫And this worked because I was currently

120
00:05:04,550 --> 00:05:08,620
‫and correctly authenticated with my ECR repository.

121
00:05:08,620 --> 00:05:09,453
‫And if I wasn't

122
00:05:09,453 --> 00:05:12,183
‫I would get an IM permission issue right here.

123
00:05:13,230 --> 00:05:16,660
‫And so if we refresh this, as we can see

124
00:05:16,660 --> 00:05:19,400
‫we see in my repository demostephane

125
00:05:19,400 --> 00:05:24,100
‫the latest image for my image named demostephane

126
00:05:24,100 --> 00:05:27,050
‫and you can click on it and use some information.

127
00:05:27,050 --> 00:05:28,300
‫And now thanks to this image.

128
00:05:28,300 --> 00:05:32,100
‫I could go ahead set up my own task definition

129
00:05:32,100 --> 00:05:33,060
‫with this image.

130
00:05:33,060 --> 00:05:35,420
‫And it would be pulling directly this image

131
00:05:35,420 --> 00:05:38,840
‫from the ECR and not from the docker hub.

132
00:05:38,840 --> 00:05:40,520
‫Okay. So I hope that was helpful.

133
00:05:40,520 --> 00:05:41,384
‫I hope you like this lecture

134
00:05:41,384 --> 00:05:43,733
‫and I will see you in the next lecture.