Automating Docker Image Push to AWS ECR Using Jenkins and IAM Role

After successfully automating Docker image builds and pushing them to Docker Hub, I decided to level up by integrating AWS Elastic Container Registry (ECR) into my DevOps pipeline. In this post, I'll walk you through how to build a Java application with Maven, dockerize it, and push the image to AWS ECR using Jenkins, all while using IAM role-based access for secure authentication.
Prerequisites
To follow along, you'll need:
A Java Maven project hosted on GitHub
An AWS account with an ECR repository created
A Jenkins instance (preferably on AWS EC2)
An IAM role attached to the Jenkins EC2 instance with ECR permissions
Jenkins plugins:
Pipeline
Docker Pipeline
AWS Steps Plugin
Step 1: IAM Role Configuration
If Jenkins is running on an EC2 instance, create and attach an IAM Role with the following policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*"
    }
  ]
}
```
Attach this role to your Jenkins EC2 instance.
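Of the seven actions in the policy above, only `ecr:GetAuthorizationToken` requires `"Resource": "*"`; the other six accept a repository ARN, so the role can be limited to the one repository the pipeline pushes to. The following Python script is an added example, not part of the original post: it splits the Step 1 policy that way. The function name `scope_ecr_policy` and the account ID `123456789012` are assumptions made for illustration.

```python
import json

# ecr:GetAuthorizationToken has no resource-level form, so IAM requires "*" for it.
ACCOUNT_LEVEL = {"ecr:getauthorizationtoken"}

# The policy from Step 1, unchanged.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
            "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer",
            "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart",
        ],
        "Resource": "*",
    }],
}


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def scope_ecr_policy(policy, account_id, region, repo_name):
    """Split wildcard ECR Allow statements so push/pull actions target one repository."""
    repo_arn = f"arn:aws:ecr:{region}:{account_id}:repository/{repo_name}"
    out = []
    for stmt in policy["Statement"]:
        actions = as_list(stmt.get("Action"))
        simple = (stmt.get("Effect") == "Allow" and as_list(stmt.get("Resource")) == ["*"]
                  and actions and all(a.lower().startswith("ecr:") and "*" not in a
                                      and "?" not in a for a in actions))
        if not simple:
            out.append(dict(stmt))  # not a plain ECR wildcard grant: keep as written
            continue
        # Keep Condition and similar keys; drop Sid because one statement may become two.
        base = {k: v for k, v in stmt.items() if k not in ("Action", "Resource", "Sid")}
        token = [a for a in actions if a.lower() in ACCOUNT_LEVEL]
        repo = [a for a in actions if a.lower() not in ACCOUNT_LEVEL]
        if token:
            out.append({**base, "Action": token, "Resource": "*"})
        if repo:
            out.append({**base, "Action": repo, "Resource": repo_arn})
    return {**policy, "Statement": out}


if __name__ == "__main__":
    # 123456789012 is a constructed placeholder account ID.
    print(json.dumps(scope_ecr_policy(PAGE_POLICY, "123456789012", "us-east-1", "my-java-app"), indent=2))
```

Running it prints a two-statement policy that can be attached to the Jenkins role in place of the single wildcard statement.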
Step 2: Create AWS ECR Repository
Go to AWS Console → ECR → Create repository
Example: my-java-app
Note down the full URL:
```
<aws_account_id>.dkr.ecr.<region>.amazonaws.com/my-java-app
```
Step 3: Jenkins Pipeline Configuration
Install the AWS Steps Plugin and configure the pipeline. Here's a sample Jenkinsfile:
```groovy
pipeline {
    agent any

    environment {
        AWS_REGION   = 'us-east-1'
        REPO_NAME    = 'my-java-app'
        // Replace <aws_account_id> with your AWS account ID
        ECR_REGISTRY = '<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com'
        IMAGE_NAME   = "${ECR_REGISTRY}/${REPO_NAME}"
    }

    stages {
        stage('Clone Repo') {
            steps {
                git 'https://github.com/your-username/your-java-maven-repo.git'
            }
        }

        stage('Build JAR with Maven') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Build Docker Image') {
            steps {
                script {
                    // Kept in a pipeline-wide variable so the push stage can reuse it
                    dockerImage = docker.build("${IMAGE_NAME}:latest")
                }
            }
        }

        stage('Login to AWS ECR') {
            steps {
                // No stored AWS keys: the AWS CLI uses the instance role's temporary credentials
                withAWS(region: "${AWS_REGION}") {
                    // --password-stdin keeps the registry token off the command line
                    sh '''
                        aws ecr get-login-password --region $AWS_REGION | \
                        docker login --username AWS --password-stdin $ECR_REGISTRY
                    '''
                }
            }
        }

        stage('Push Image to ECR') {
            steps {
                script {
                    dockerImage.push("latest")
                }
            }
        }
    }
}
```
Pipeline Flow Summary
Clone GitHub Repo
Build Maven project into .jar
Create Docker Image from Dockerfile
Authenticate to AWS ECR via IAM role
Push Docker Image to AWS ECR
Dockerfile Example
Your Dockerfile should look like this:
```dockerfile
FROM openjdk:17
COPY target/*.jar app.jar
ENTRYPOINT ["java", "-jar", "/app.jar"]
```
Expected Output
When the Jenkins job runs, you should see logs showing:
Maven build success
Docker image build
Successful login to ECR
Docker image push completion
Conclusion
Pushing Docker images to AWS ECR using Jenkins with IAM role-based authentication is a secure and production-grade approach for CI/CD pipelines. This setup eliminates hardcoding AWS credentials and keeps your pipeline robust and cloud-ready.
Written by BHASHWANTH PALUKURI
