Unleash the Power: Creating ECR Repository and Setting Policy with Bash Script Hacks

Overview :-

Amazon Elastic Container Registry (ECR) is a managed Docker container registry service that makes it easy for developers to store, manage, and deploy Docker container images. It’s integrated with Amazon Elastic Container Service (ECS) and simplifies your development to production workflow. Automating the creation of ECR repositories and setting policies can streamline the process, making it more efficient. This blog post will guide you through the process of using Bash scripts to create an ECR repository and configure its policies effectively.

Pre-requisites :-

Before diving into the Bash script hacks for ECR, ensure you have the following:
* An AWS account, with the AWS CLI installed and configured with appropriate permissions.
* Basic knowledge of Bash scripting and JSON (for policy definitions).
* Docker installed on your machine if you plan to push or pull images as part of your testing.

Procedure :-

Step-1 :- Install Bash on your machine and create a file named ecr.sh. Copy the below code into the ecr.sh file.

#!/bin/bash
set -e
# Space-separated list of repositories to create; the loop at the end iterates over it
PROJECT_NAMES="mahira-project"
REMOTE_REGISTRY="123456789.dkr.ecr.us-west-2.amazonaws.com"

# Function to create ECR repository if it doesn't exist
# (any describe-repositories failure, not only "not found", falls through to create-repository)
create_ecr_repo() {
  local REPO_NAME=$1
  aws ecr describe-repositories --repository-names "${REPO_NAME}" >/dev/null 2>&1 || aws ecr create-repository --repository-name "${REPO_NAME}"
}

# Function to set repository policy (replaces any policy already attached to the repository)
set_ecr_policy() {
  local REPO_NAME=$1
  local POLICY=$2
  aws ecr set-repository-policy --repository-name "${REPO_NAME}" --policy-text "${POLICY}"
}

# Define the repository policy
REPO_POLICY=$(cat <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "pull-policy",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::987654321789:root",
          "arn:aws:iam::000000000000:root",
          "arn:aws:iam::999999999999:root"
        ]
      },
      "Action": [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ]
    }
  ]
}
EOF
)

# Loop through each project name, create its repository and apply the policy
for PROJECT_NAME in $PROJECT_NAMES; do
    # Create the ECR repository if it doesn't exist
    create_ecr_repo "${PROJECT_NAME}"
    set_ecr_policy "${PROJECT_NAME}" "${REPO_POLICY}"
    # Image URI to use when tagging and pushing to this repository
    REMOTE_IMAGE="${REMOTE_REGISTRY}/${PROJECT_NAME}"
done

Step-2 :- Open a terminal or command prompt window and give executable permissions to the bash script.

Step-3 :- Now execute the script using the command below.

./ecr.sh

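Replace 123456789 with your AWS account ID, and replace the principal ARNs in the policy with the specific user or role that should be allowed to pull. An account root principal grants access to the whole account, which can then delegate it to its own users and roles, rather than to one identity. The script creates the policy and applies it to the repository.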
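
The create-if-missing check in ecr.sh treats every describe-repositories failure as "repository missing", and the script applies whatever policy text it is given. The following is an added example, not part of the original script: ensure_ecr_repo and reject_wildcard_principal are hypothetical helper names, and the scan-on-push and immutable-tag settings are assumptions about what you want on new repositories.

```bash
#!/bin/bash
# Added example: stricter helpers for the ecr.sh flow. Function names are
# hypothetical; the aws subcommands and flags are real AWS CLI options.

# Create the repository only when describe-repositories says it is missing.
# Other failures (expired credentials, AccessDenied, wrong region) are
# reported instead of being hidden behind "|| aws ecr create-repository".
ensure_ecr_repo() {
  local repo_name="$1" err
  if err=$(aws ecr describe-repositories \
             --repository-names "$repo_name" 2>&1 >/dev/null); then
    echo "exists: $repo_name"
    return 0
  fi
  case "$err" in
    *RepositoryNotFoundException*)
      # Scan-on-push and immutable tags are an added hardening choice.
      aws ecr create-repository --repository-name "$repo_name" \
        --image-scanning-configuration scanOnPush=true \
        --image-tag-mutability IMMUTABLE >/dev/null || return 1
      echo "created: $repo_name"
      ;;
    *)
      echo "describe-repositories failed for $repo_name: $err" >&2
      return 1
      ;;
  esac
}

# Refuse a repository policy whose Principal is "*" (any AWS principal).
# This is a text match on the whitespace-stripped JSON, not a JSON parser,
# and it does not evaluate Condition blocks.
reject_wildcard_principal() {
  local policy="$1"
  if printf '%s' "$policy" | tr -d '[:space:]' |
     grep -Eq '"Principal":"\*"|"AWS":"\*"|"AWS":\[[^]]*"\*"'; then
    echo "refusing policy: wildcard principal" >&2
    return 1
  fi
}
```

In the loop, call reject_wildcard_principal "${REPO_POLICY}" once before the first set_ecr_policy, and use ensure_ecr_repo in place of create_ecr_repo.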

Conclusion :-

Using Bash scripts to manage your ECR repositories can significantly simplify the process of setting up and maintaining your Docker container workflows. By automating these tasks, you can ensure consistency across environments and reduce the potential for human error. Remember, the key to effective automation is understanding the tools at your disposal and how to use them to fit your specific needs. Happy scripting!

Written by

Mahira Technology Private Limited