Dockerrun.aws.json file for private dockerhub image

Question

I'm trying to deploy a rails application built with Docker to Elastic Beanstalk's multi-container service. My Dockerrun.aws.json currently looks like:

{
  "AWSEBDockerrunVersion": 2,
  "volumes": [
    {
      "name": "myapp",
      "host": {
        "sourcePath": "/var/app/current"
      }
    },
    {
      "name": "myapp-redis",
      "host": {
        "sourcePath": "/var/app/current/myapp-redis"
      }
    },
    {
      "name": "myapp-postgres",
      "host": {
        "sourcePath": "/var/app/current/myapp-postgres"
      }
    }
  ],
  "authentication": {
    "bucket": "myapp",
    "key": "config.json"
  },
  "containerDefinitions": [
    {
      "name": "redis",
      "image": "redis:3.0.5",
      "environment": [
        {
          "name": "Container",
          "value": "redis"
        }
      ],
      "portMappings": [
        {
          "hostPort": 6379,
          "containerPort": 6379
        }
      ],
      "essential": true,
      "memory": 128,
      "mountPoints": [
        {
          "sourceVolume": "myapp-redis",
          "containerPath": "/var/lib/redis/data",
          "readOnly": false
        }
      ]
    },
    {
      "name": "postgres",
      "image": "postgres:9.4.5",
      "environment": [
        {
          "name": "Container",
          "value": "postgres"
        }
      ],
      "portMappings": [
        {
          "hostPort": 5432,
          "containerPort": 5432
        }
      ],
      "essential": true,
      "memory": 128,
      "mountPoints": [
        {
          "sourceVolume": "myapp-postgres",
          "containerPath": "/var/lib/postgresql/data",
          "readOnly": false
        }
      ]
    },
    {
      "name": "myapp",
      "image": "myrepo/myapp:latest",
      "environment": [
        {
          "name": "Container",
          "value": "myapp"
        }
      ],
      "essential": true,
      "memory": 128,
      "mountPoints": [
        {
          "sourceVolume": "myapp",
          "containerPath": "/myapp",
          "readOnly": false
        }
      ]
    }
  ]
}

My config.json file is at bucket myapp/config.json and is formatted like:

{
  "https://index.docker.io/v1/": {
    "auth": "mylongauthtokenhere",
    "email": "[email protected]"
  }
}

This setup works when I point to a public repo for the "image": "myrepo/myapp:latest", line, but when I try to initialize with this config I get errors: err="Error: image myrepo/myapp:latest not found" and ERROR [Instance: i-913b2004] Command failed on instance. Return code: 1 Output: 'Failed to start ECS task after retrying 2 times.'

I've also tried configuing config.json a few different ways with no luck. Any help on this would be greatly appreciated!

Answer 1

UPDATE: the OP found the specific role that was needed. The aws-elasticbeanstalk-ec2-role needed the AmazonS3ReadOnlyAccess policy.

EB runs via service roles. These roles need to be granted appropriate permissions to go out and grab the credential file from S3: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts-roles.html

Also, I'm guessing your using Docker 1.7 or later locally.

Docker 1.7+ login generates a credential file config.json like this:

{
 "auths" :
 {
    "server" :
   {
      "auth" : "auth_token",
      "email" : "email"
    }
   }
 } 

Elastic Beanstalk used to want only the old config object format like this:

 {
    "server" :
   {
      "auth" : "auth_token",
      "email" : "email"
    }
   }

Notice the missing outer auth block?

Or maybe it's the other way around and ElasticBeanstalk is expecting the newer format if as you note in your OP EB is using docker 1.9.1

You could try to edit this file and re-upload to EB. See the bottom of this page for details: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html#docker-images-private