@tstrohmeier
Last active September 5, 2022 08:46
AWS ECS: Deploy Docker Container from Bitbucket Pipeline to AWS ECR
# enable Docker for your repository
options:
  docker: true
pipelines:
  branches:
    development:
      - step:
          # python image with aws-cli installed
          image: tstrohmeier/awscli:3.8.3
          script:
            # aws login
            - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
            # docker
            # braces end each variable name; without them sh looks up $BITBUCKET_BRANCH_ (unset)
            - export BUILD_ID=${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}
            - docker build -t ${AWS_REGISTRY_URL}:$BUILD_ID .
            - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
            - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
            - docker push ${AWS_REGISTRY_URL}:development
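
The tag the pipeline pushes is built from three Bitbucket variables joined by underscores. The following is an added example, not part of the gist: it shows how sh expands that string with and without braces, and goes one step further by mapping characters such as `/` in a branch name onto a valid Docker tag. Function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not part of the gist): compose the image tag from Bitbucket variables.

# Map a string onto a valid Docker tag: only [A-Za-z0-9_.-], at most 128
# characters, and no leading '.' or '-'. Fails on empty input.
sanitize_tag() {
    tag=$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_.-' '-' | cut -c1-128)
    case "$tag" in
        '')    return 1 ;;
        [.-]*) tag="_${tag#?}" ;;
    esac
    printf '%s\n' "$tag"
}

# Braced form: each variable name ends at its closing brace.
build_id() {
    sanitize_tag "${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}"
}

# Unbraced form, kept for comparison: '_' is a legal name character, so sh looks
# up BITBUCKET_BRANCH_ and BITBUCKET_COMMIT_, which are unset and expand to "".
unbraced_build_id() {
    printf '%s\n' "$BITBUCKET_BRANCH_$BITBUCKET_COMMIT_$BITBUCKET_BUILD_NUMBER"
}

# Constructed sample values, as a build on a feature branch would see them.
BITBUCKET_BRANCH='feature/login'
BITBUCKET_COMMIT='3f2a9c1e5b7d4a6c8e0f1a2b3c4d5e6f7a8b9c0d'
BITBUCKET_BUILD_NUMBER='42'

echo "unbraced: $(unbraced_build_id)"
echo "braced:   $(build_id)"
```
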
@bhushankummar

Is it working, did you test it?

@tstrohmeier
Author

tstrohmeier commented Oct 31, 2017

@bhushankumarl Yes this is working. You have to specify the env. variables in the Bitbucket settings.

@tstrohmeier
Author

$BITBUCKET_BRANCH is only available in:

 pipelines:
  branches:
    xxx:

@tstrohmeier
Author

Changed the image from python to tstrohmeier/awscli (preinstalled awscli)

@tstrohmeier
Author

Version update to 3.6.4

@sterichards

Using this configuration I get the following error within Bitbucket pipelines:

rpc error: code = Unknown desc = Error response from daemon: denied: User: arn:aws:sts::715509311748:assumed-role/us-east-1.bbci-prod_node-role/i-05217f220ab8f164b is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:eu-west-1:028745261605:repository/cryptocurrency-api

@tstrohmeier
Author

tstrohmeier commented Mar 18, 2018

@sterichards For my AWS deploy user I have allowed the following actions in AWS IAM:

"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"

I guess ecr:BatchGetImage is missing in your policy config.

@mhewedy

mhewedy commented Jan 19, 2019

Why do you push it again with the development tag? On Docker Hub, people push it with the latest tag instead.

@meet2amit

Hello

Can you please help with this? Basically the ECR login is working, but at the push stage I am getting the error below...

a2530809121f: Preparing
4782fd74f401: Preparing
d9cef133f7d5: Preparing
436c36ea86e2: Preparing
55b0468ae4ac: Preparing
2f9573747b65: Preparing
4a6166f16a0e: Preparing
e02b32b1ff99: Preparing
f75e64f96dbc: Preparing
8f7ee6d76fd9: Preparing
c23711a84ad4: Preparing
90d1009ce6fe: Preparing
no basic auth credentials

@JnMik

JnMik commented May 15, 2019

After trying MANY scenarios and always ending up with "no basic auth credentials", I finally managed to make it work with this.

Replace AWS-ECR-IMG-BASE-PATH with your ECR image path:

pipelines:
  tags:
    '*':
      - step:
         name: Build docker image and push to Docker hub
         script:
           - curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
           - unzip awscli-bundle.zip
           - ./awscli-bundle/install -b ~/bin/aws
           - export PATH=~/bin:$PATH
           - eval $(aws ecr get-login --region us-east-1 --no-include-email)
           - docker build -t AWS-ECR-IMG-BASE-PATH:$BITBUCKET_TAG .
           - docker push AWS-ECR-IMG-BASE-PATH:$BITBUCKET_TAG
           - docker build -t AWS-ECR-IMG-BASE-PATH:latest .
           - docker push AWS-ECR-IMG-BASE-PATH:latest
options:
  docker: true
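
The two push failures quoted in this thread (an ECR call denied for a principal that is an assumed role rather than a deploy user, and "no basic auth credentials") are worth checking against the variables the gist relies on before the login step runs. The following is an added example, not part of the gist or of any comment: it assumes credentials arrive as `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` and that `AWS_REGISTRY_URL` is a full ECR repository URI; function names and sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the gist): pre-flight check of the pipeline variables.
# Assumed URI form: <12-digit account>.dkr.ecr.<region>.amazonaws.com/<repository>

# Print the region embedded in an ECR repository URI; fail if the URI is malformed.
ecr_region_of() {
    printf '%s\n' "$1" |
        sed -n -E 's#^[0-9]{12}\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com/[a-z0-9._/-]+$#\1#p' |
        grep .
}

# Return 0 when the variables are consistent; otherwise print the first problem, return 1.
ecr_preflight() {
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        # Without these the CLI looks for credentials elsewhere in its provider chain.
        echo "AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY not set"
        return 1
    fi
    uri_region=$(ecr_region_of "${AWS_REGISTRY_URL:-}") || {
        echo "AWS_REGISTRY_URL is not an ECR repository URI"
        return 1
    }
    # The login is issued for AWS_DEFAULT_REGION; a push to a registry host in
    # another region finds no stored credentials for that host.
    if [ "$uri_region" != "${AWS_DEFAULT_REGION:-}" ]; then
        echo "region mismatch: login for '${AWS_DEFAULT_REGION:-}', push to '$uri_region'"
        return 1
    fi
    echo "ok: ${AWS_REGISTRY_URL%%/*}"
}

# Demo with constructed values: the login region differs from the repository's region.
(
    AWS_ACCESS_KEY_ID='constructed-key-id'
    AWS_SECRET_ACCESS_KEY='constructed-secret'
    AWS_DEFAULT_REGION='us-east-1'
    AWS_REGISTRY_URL='123456789012.dkr.ecr.eu-west-1.amazonaws.com/my-app'
    ecr_preflight
) || true
```
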

@tchalupnik

tchalupnik commented Sep 9, 2019

That works for me. Needed awscli to be installed :)

              - pip install awscli
              - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
              - export BUILD_ID=${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}
              - docker build -f docker/app/Dockerfile -t ${AWS_REGISTRY_URL}:$BUILD_ID .
              - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
              - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
              - docker push ${AWS_REGISTRY_URL}:development

@tstrohmeier
Author

tstrohmeier commented Sep 11, 2019

> That works for me. Needed awscli to be installed :)
>
>               - pip install awscli
>               - eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
>               - export BUILD_ID=${BITBUCKET_BRANCH}_${BITBUCKET_COMMIT}_${BITBUCKET_BUILD_NUMBER}
>               - docker build -f docker/app/Dockerfile -t ${AWS_REGISTRY_URL}:$BUILD_ID .
>               - docker push ${AWS_REGISTRY_URL}:$BUILD_ID
>               - docker tag ${AWS_REGISTRY_URL}:$BUILD_ID ${AWS_REGISTRY_URL}:development
>               - docker push ${AWS_REGISTRY_URL}:development

@mistillate Yes you are right, aws-cli needs to be installed in the image you are using.

In Line 10/11 of the Gist, I mentioned this:

 #python image with aws-cli installed
 image: tstrohmeier/awscli:3.6.4

@tstrohmeier
Author

> Why do you push it again with the development tag? On Docker Hub, people push it with the latest tag instead.

@mhewedy Because for every branch I use its own tag. I use the development tag for the latest build of the development branch.
