Pull private docker images from Docker Hub to EC2 instances
Create everything with one command.
If you’re running Docker containers, probably you want to run this container in the cloud, but sometimes you need to deploy a image from a private repository on Docker Hub in many EC2 machines so, typing docker login in all is not exactly a good solution. You could use Ansible for something like that, but it involves private keys, access to all machines through ssh, and it might be not possible depending on your company or application.
Authentication File
First, you need to login to Docker Hub using docker login, this will create a file in the docker folder ~/.docker/config.json with the auth hashed and your email.
Note: Be careful when copying and manipulating this file, since anyone with access to this file could access your container registry!
Upload this file to a private S3 bucket on AWS (your bucket must be in the same region of your EC2 machines).
Resource Creation
I will create an example using Terraform, this way we can automate creation and configuration of the instances. For your machine get access to your bucket, you must allow your instances to access the bucket you created and copy the docker configuration file. In order to do this, we need to attach an IAM Profile to the instance.
To copy files from S3 to EC2, we will use the user_data to input a script that run on startup of the instances. For the example file, I will use this tutorial from Sam with little changes for our use case. Here’s the example code:
This way, the instance have access to the S3 bucket that you’ve created, and will execute your script on instance startup. The last part is to create the script to install the packages and copy the file.
And that’s it. If you’ve used the examples, is just run terraform apply and everything should run perfectly, and you will be able to use your docker private images on your EC2 instances.
Thank you for reading. And thanks to Mylena Rossato for the English review!
References
- https://www.youtube.com/watch?v=pLw6MLqwmew
- https://stackoverflow.com/questions/34013068/where-are-the-docker-registry-login-files
- https://stackoverflow.com/questions/65256613/terraform-how-to-copy-files-from-s3-to-ec2
- https://sammeechward.com/s3-and-iam-with-terraform/
- https://github.com/UmInventorQualquer/curso-aws-pratico-producao/blob/main/docker/production-init.sh
