🚀 Automating Docker Image Push to AWS ECR Using Jenkins and IAM Role

After successfully automating Docker image builds and pushing them to Docker Hub, I decided to level up by integrating AWS Elastic Container Registry (ECR) into my DevOps pipeline. In this post, I’ll walk you through how to build a Java application with Maven, dockerize it, and push the image to AWS ECR using Jenkins, all while using IAM role-based access for secure authentication.

🧱 Prerequisites

To follow along, you’ll need:

A Java Maven project hosted on GitHub
An AWS account with ECR repository created
A Jenkins instance (preferably on AWS EC2)
An IAM role attached to Jenkins EC2 instance with ECR permissions
Jenkins plugins:
- Pipeline
- Docker Pipeline
- AWS Steps Plugin

🔐 Step 1: IAM Role Configuration

If Jenkins is running on an EC2 instance, create and attach an IAM Role with the following policy:

jsonCopyEdit{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*"
    }
  ]
}

Attach this role to your Jenkins EC2 instance.

🐳 Step 2: Create AWS ECR Repository

Go to AWS Console → ECR → Create repository
Example: my-java-app

Note down the full URL:

php-templateCopyEdit<aws_account_id>.dkr.ecr.<region>.amazonaws.com/my-java-app

⚙️ Step 3: Jenkins Pipeline Configuration

Install the AWS Steps Plugin and configure the pipeline. Here's a sample Jenkinsfile:

groovyCopyEditpipeline {
    agent any

    environment {
        AWS_REGION = 'us-east-1'
        REPO_NAME = 'my-java-app'
        ECR_REGISTRY = '<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com'
        IMAGE_NAME = "${ECR_REGISTRY}/${REPO_NAME}"
    }

    stages {
        stage('Clone Repo') {
            steps {
                git 'https://github.com/your-username/your-java-maven-repo.git'
            }
        }

        stage('Build JAR with Maven') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Build Docker Image') {
            steps {
                script {
                    dockerImage = docker.build("${IMAGE_NAME}:latest")
                }
            }
        }

        stage('Login to AWS ECR') {
            steps {
                withAWS(region: "${AWS_REGION}") {
                    sh '''
                        aws ecr get-login-password --region $AWS_REGION | \
                        docker login --username AWS --password-stdin $ECR_REGISTRY
                    '''
                }
            }
        }

        stage('Push Image to ECR') {
            steps {
                script {
                    dockerImage.push("latest")
                }
            }
        }
    }
}

🔁 Pipeline Flow Summary

Clone GitHub Repo
Build Maven project into .jar
Create Docker Image from Dockerfile
Authenticate to AWS ECR via IAM role
Push Docker Image to AWS ECR

📦 Dockerfile Example

Your Dockerfile should look like this:

dockerfileCopyEditFROM openjdk:17
COPY target/*.jar app.jar
ENTRYPOINT ["java", "-jar", "/app.jar"]

✅ Expected Output

When the Jenkins job runs, you should see logs showing:

Maven build success
Docker image build
Successful login to ECR
Docker image push completion

📣 Conclusion

Pushing Docker images to AWS ECR using Jenkins with IAM role-based authentication is a secure and production-grade approach for CI/CD pipelines. This setup eliminates hardcoding AWS credentials and keeps your pipeline robust and cloud-ready.

Automating Docker Image Push to AWS ECR Using Jenkins and IAM Role