AWS ECS: Deploy Docker Container from Bitbucket Pipeline to AWS ECR

bitbucket-pipelines.yml

# enable Docker for your repository
options:
  docker: true

pipelines:
  branches:
    development:
      - step:
          #python image with aws-cli installed
          image: tstrohmeier/awscli:3.8.3
          script:
            # aws login
            - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
            # docker
            - export BUILD_ID=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER
            - docker build -t ${AWS_REGISTRY_URL}:$BUILD_ID .
            - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
            - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
            - docker push ${AWS_REGISTRY_URL}:development

Is it working, did you test it?

@bhushankumarl Yes this is working. You have to specify the env. variables in the Bitbucket settings.

$BITBUCKET_BRANCH is only available in:

 pipelines:
  branch:
    xxx:

https://medium.com/byteschneiderei/how-to-push-docker-images-to-amazon-ecr-with-bitbucket-pipeline-84658626ca29

Changed the image from python to tstrohmeier/awscli (preinstalled awscli)

Version update to 3.6.4

Using this configuration I get the following error within Bitbucket pipelines:

rpc error: code = Unknown desc = Error response from daemon: denied: User: arn:aws:sts::715509311748:assumed-role/us-east-1.bbci-prod_node-role/i-05217f220ab8f164b is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:eu-west-1:028745261605:repository/cryptocurrency-api

@sterichards For my AWS deploy user I have allowed following actions in the AWS IAM:

"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"

I guess ecr:BatchGetImage is missing in your policy config.

Pat 2: https://medium.com/byteschneiderei/how-to-setup-a-continuous-deployment-to-amazon-ecs-with-bitbucket-pipeline-f1931a078f67

Why you push it again with development tag, in docker hub ppl push it with latest tag instead?

Hello

Can you please help on this ? Basically ecr login working but at push stage i am getting below error...

a2530809121f: Preparing
4782fd74f401: Preparing
d9cef133f7d5: Preparing
436c36ea86e2: Preparing
55b0468ae4ac: Preparing
2f9573747b65: Preparing
4a6166f16a0e: Preparing
e02b32b1ff99: Preparing
f75e64f96dbc: Preparing
8f7ee6d76fd9: Preparing
c23711a84ad4: Preparing
90d1009ce6fe: Preparing
no basic auth credentials

after trying MANY scenarios and always ending up with "no basic auth credentials", I finally managed to make it work with this

replace AWS-ECR-IMG-BASE-PATH with your ECR image path

pipelines:
  tags:
    '*':
      - step:
         name: Build docker image and push to Docker hub
         script:
           - curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
           - unzip awscli-bundle.zip
           - ./awscli-bundle/install -b ~/bin/aws
           - export PATH=~/bin:$PATH
           - eval $(aws ecr get-login --region us-east-1 --no-include-email)
           - docker build -t AWS-ECR-IMG-BASE-PATH:$BITBUCKET_TAG .
           - docker push AWS-ECR-IMG-BASE-PATH:$BITBUCKET_TAG
           - docker build -t AWS-ECR-IMG-BASE-PATH:latest .
           - docker push AWS-ECR-IMG-BASE-PATH:latest
options:
  docker: true

That works for me. Needed awscli to be installed :)

              - pip install awscli
              - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
              - export BUILD_ID=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER
              - docker build -f docker/app/Dockerfile -t ${AWS_REGISTRY_URL}:$BUILD_ID .
              - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
              - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
              - docker push ${AWS_REGISTRY_URL}:development

That works for me. Needed awscli to be installed :)

              - pip install awscli
              - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
              - export BUILD_ID=$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER
              - docker build -f docker/app/Dockerfile -t ${AWS_REGISTRY_URL}:$BUILD_ID .
              - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
              - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
              - docker push ${AWS_REGISTRY_URL}:development

@mistillate Yes you are right, aws-cli needs to be installed in the image you are using.

In Line 10/11 of the Gist, I mentioned this:

 #python image with aws-cli installed
 image: tstrohmeier/awscli:3.6.4

Why you push it again with development tag, in docker hub ppl push it with latest tag instead?

@mhewedy Because I use for every branch a own tag. I use development tag for the latest build of development branch.