Setting up continuous delivery with AWS EC2 Container Registry

Amazon EC2 Container Registry is a container registry for the deployment, storage and management of Docker images. It comes from the family of Amazon Web Services (AWS), so you can access it with your Amazon account if you already have one. If you don't have an account, you can sign up here.

Integrating your Semaphore account with the Amazon EC2 Container Registry (ECR) is quick and straightforward. It will only take a couple of minutes of your time.

Container registry integrations are available as project add-ons for all Semaphore projects that are set up to use Docker. For more information on how to set up a Docker project on Semaphore, read our documentation page on setting up continuous integration for a Docker project on Semaphore.

Configuring the Amazon EC2 Container Registry (ECR) project add-on will enable you to push and pull your images without having to log into ECR during builds and deployments. This can be done by visiting your project on Semaphore and clicking "Add-ons" in the upper right corner of your screen.

Next, click "Docker Registry".

Select the "Amazon EC2 Container Registry (ECR)" integration.

You will be prompted with three input fields, requiring your:

  • AWS Access Key ID,
  • AWS Secret Access Key, and
  • AWS Region - the region where your repository resides.

You can find instructions for managing AWS credentials in the AWS documentation. It is good practice to create a new IAM user whose purpose is to interact with Semaphore.

Click "Test & Save". If your credentials are valid, the registry will be saved. Semaphore encrypts your credentials and stores them securely.

You can now push or pull images from the Amazon Container Registry through Semaphore.

docker push aws_account_id.dkr.ecr.region.amazonaws.com/my-web-app

Note: To make a unique image tag, you can combine the available environment variables (e.g. my-web-app:$REVISION).

Happy building!

Example AWS IAM policy

You can attach the AmazonEC2ContainerRegistryPowerUser policy to the role that interacts with Semaphore. It provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes. AmazonEC2ContainerRegistryPowerUser is shown below; you can also attach it in the AWS console.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ecr:GetAuthorizationToken",
            "ecr:BatchCheckLayerAvailability",
            "ecr:GetDownloadUrlForLayer",
            "ecr:GetRepositoryPolicy",
            "ecr:DescribeRepositories",
            "ecr:ListImages",
            "ecr:DescribeImages",
            "ecr:BatchGetImage",
            "ecr:InitiateLayerUpload",
            "ecr:UploadLayerPart",
            "ecr:CompleteLayerUpload",
            "ecr:PutImage"
        ],
        "Resource": "*"
    }]
}
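
The policy above applies to every repository in the account, because its Resource is "*". The following Python sketch is an added example, not part of Semaphore's documentation or AWS's managed policy: it splits that statement so that only ecr:GetAuthorizationToken keeps the wildcard and the remaining actions are limited to named repositories. The function name, the sample ARN (placeholder account ID and region) and the choice of Python are assumptions made for illustration.

```python
import copy
import json

# ecr:GetAuthorizationToken is account-wide and only works with Resource "*".
# This set covers the twelve actions on this page; extend it if your policy
# contains other registry-level actions.
ACCOUNT_WIDE = {"ecr:GetAuthorizationToken"}

# The policy shown above, with the same twelve actions.
POWER_USER = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": [
        "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages",
        "ecr:BatchGetImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload", "ecr:PutImage"],
    "Resource": "*"}]}

# Constructed sample ARN: placeholder account ID and region, repository name from the page.
EXAMPLE_REPO_ARN = "arn:aws:ecr:us-east-1:123456789012:repository/my-web-app"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def scope_to_repositories(policy, repo_arns):
    """Return a copy of `policy` with wildcard ECR Allow statements narrowed."""
    scoped = {"Version": policy["Version"], "Statement": []}
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        plain_ecr = actions and all(a.startswith("ecr:") and "*" not in a for a in actions)
        if (stmt.get("Effect") != "Allow" or not plain_ecr
                or _as_list(stmt.get("Resource")) != ["*"]
                or set(stmt) - {"Effect", "Action", "Resource", "Sid"}):
            # Deny, conditions, action wildcards, non-ECR actions: leave untouched.
            scoped["Statement"].append(copy.deepcopy(stmt))
            continue
        token = [a for a in actions if a in ACCOUNT_WIDE]
        repo = [a for a in actions if a not in ACCOUNT_WIDE]
        if token:  # login token request must stay on the wildcard resource
            scoped["Statement"].append({"Effect": "Allow", "Action": token, "Resource": "*"})
        if repo:   # push/pull/read actions limited to the listed repositories
            scoped["Statement"].append({"Effect": "Allow", "Action": repo, "Resource": list(repo_arns)})
    return scoped


if __name__ == "__main__":
    print(json.dumps(scope_to_repositories(POWER_USER, [EXAMPLE_REPO_ARN]), indent=4))
```

The printed document can be saved as a customer-managed IAM policy and attached in place of the managed one.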

2009-2017 © Rendered Text. All rights reserved. Terms of Service, Privacy policy, Security.