
AWS Elastic Beanstalk with Amazon ECR Docker image

I'm new to AWS and I'm trying to deploy a multicontainer Docker application to Elastic Beanstalk. My Dockerrun.aws.json file is very simple, and it's the only thing that's uploaded to EB:

{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {
      "name": "mycontainer",
      "image": "somethingsomething.eu-central-1.amazonaws.com/myimage",
      "essential": true,
      "memory": 128
    }
  ]
}

In http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html it says that when using a Docker image uploaded to Amazon ECR:

You do, however, need to provide your instances with permission to access the images in your Amazon ECR repository by adding permissions to your environment's instance profile. You can attach the AmazonEC2ContainerRegistryReadOnly managed policy to the instance profile to provide read-only access to all Amazon ECR repositories in your account

When deploying the application, it raises the following error:

ECS task stopped due to: Essential container in task exited. (myimage: CannotPullContainerError: AccessDeniedException: User: arn:aws:sts::xxx:assumed-role/aws-elasticbeanstalk-ec2-role/i-xyz is not authorized to perform: ecr:GetAuthorizationToken on resource: * status code: 400, request id: 4143c35d-)

I added the AWSElasticBeanstalkReadOnlyAccess to the aws-elasticbeanstalk-ec2-role, but it doesn't change anything...

Help?!

Florin Vistig asked Jun 30 '17 15:06


1 Answer

Per https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html#iam-instanceprofile-addperms

  1. Open https://console.aws.amazon.com/iam/home#roles

  2. Choose aws-elasticbeanstalk-ec2-role.

  3. On the Permissions tab, choose Attach policies.

  4. Select AmazonEC2ContainerRegistryReadOnly.

  5. Choose Attach policy.

peer answered Sep 29 '22 12:09
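The error in the question names the missing action, and the same gap can be found by checking the role's policy JSON before deploying. The following is an added example, not part of the original question or answer: a simplified evaluator (Allow/Deny statements with wildcards only; no conditions, NotAction or permission boundaries) that lists which ECR pull actions a set of policies does not grant. The policy documents, the account ID 111122223333 and the repository ARN are constructed for illustration.

```python
import fnmatch

# Minimum actions for an image pull. GetAuthorizationToken has no resource-level
# scoping (hence "resource: *" in the error); None means "check the repository ARN".
PULL_ACTIONS = {
    "ecr:GetAuthorizationToken": "*",
    "ecr:BatchCheckLayerAvailability": None,
    "ecr:GetDownloadUrlForLayer": None,
    "ecr:BatchGetImage": None,
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def allowed(policies, action, resource):
    """Explicit Deny wins; otherwise any matching Allow grants the action."""
    granted = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if "Action" not in stmt or "Resource" not in stmt:
                continue  # NotAction/NotResource are out of scope here
            actions = [a.lower() for a in _as_list(stmt["Action"])]  # names are case-insensitive
            if _matches(actions, action.lower()) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return False
                granted = True
    return granted

def missing_pull_permissions(policies, repo_arn):
    """Return the pull actions the combined policies do not grant for repo_arn."""
    return [a for a, res in PULL_ACTIONS.items() if not allowed(policies, a, res or repo_arn)]

# Constructed stand-in for a policy that covers only Elastic Beanstalk read actions.
EB_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["elasticbeanstalk:Describe*", "elasticbeanstalk:List*"]}]}

# Constructed pull-only policy scoped to a single repository.
REPO_ARN = "arn:aws:ecr:eu-central-1:111122223333:repository/myimage"
ECR_PULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Resource": REPO_ARN,
     "Action": ["ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"]}]}

if __name__ == "__main__":
    print(missing_pull_permissions([EB_READ_ONLY], REPO_ARN))
```

The managed policy in the answer gives read-only access to every repository in the account; the constructed ECR_PULL document shows the same pull actions limited to one repository.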