Automating Docker Image Push to AWS ECR Using Jenkins and IAM Role

๐Ÿš€ Automating Docker Image Push to AWS ECR Using Jenkins and IAM Role

After successfully automating Docker image builds and pushing them to Docker Hub, I decided to level up by integrating AWS Elastic Container Registry (ECR) into my DevOps pipeline. In this post, Iโ€™ll walk you through how to build a Java application with Maven, dockerize it, and push the image to AWS ECR using Jenkins, all while using IAM role-based access for secure authentication.


๐Ÿงฑ Prerequisites

To follow along, youโ€™ll need:

  • A Java Maven project hosted on GitHub

  • An AWS account with ECR repository created

  • A Jenkins instance (preferably on AWS EC2)

  • An IAM role attached to Jenkins EC2 instance with ECR permissions

  • Jenkins plugins:

    • Pipeline

    • Docker Pipeline

    • AWS Steps Plugin


๐Ÿ” Step 1: IAM Role Configuration

If Jenkins is running on an EC2 instance, create and attach an IAM Role with the following policy:

jsonCopyEdit{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*"
    }
  ]
}

Attach this role to your Jenkins EC2 instance.


๐Ÿณ Step 2: Create AWS ECR Repository

Go to AWS Console โ†’ ECR โ†’ Create repository
Example: my-java-app

Note down the full URL:

php-templateCopyEdit<aws_account_id>.dkr.ecr.<region>.amazonaws.com/my-java-app

โš™๏ธ Step 3: Jenkins Pipeline Configuration

Install the AWS Steps Plugin and configure the pipeline. Here's a sample Jenkinsfile:

groovyCopyEditpipeline {
    agent any

    environment {
        AWS_REGION = 'us-east-1'
        REPO_NAME = 'my-java-app'
        ECR_REGISTRY = '<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com'
        IMAGE_NAME = "${ECR_REGISTRY}/${REPO_NAME}"
    }

    stages {
        stage('Clone Repo') {
            steps {
                git 'https://github.com/your-username/your-java-maven-repo.git'
            }
        }

        stage('Build JAR with Maven') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Build Docker Image') {
            steps {
                script {
                    dockerImage = docker.build("${IMAGE_NAME}:latest")
                }
            }
        }

        stage('Login to AWS ECR') {
            steps {
                withAWS(region: "${AWS_REGION}") {
                    sh '''
                        aws ecr get-login-password --region $AWS_REGION | \
                        docker login --username AWS --password-stdin $ECR_REGISTRY
                    '''
                }
            }
        }

        stage('Push Image to ECR') {
            steps {
                script {
                    dockerImage.push("latest")
                }
            }
        }
    }
}

๐Ÿ” Pipeline Flow Summary

  1. Clone GitHub Repo

  2. Build Maven project into .jar

  3. Create Docker Image from Dockerfile

  4. Authenticate to AWS ECR via IAM role

  5. Push Docker Image to AWS ECR


๐Ÿ“ฆ Dockerfile Example

Your Dockerfile should look like this:

dockerfileCopyEditFROM openjdk:17
COPY target/*.jar app.jar
ENTRYPOINT ["java", "-jar", "/app.jar"]

โœ… Expected Output

When the Jenkins job runs, you should see logs showing:

  • Maven build success

  • Docker image build

  • Successful login to ECR

  • Docker image push completion

    ๐Ÿ“ฃ Conclusion

    Pushing Docker images to AWS ECR using Jenkins with IAM role-based authentication is a secure and production-grade approach for CI/CD pipelines. This setup eliminates hardcoding AWS credentials and keeps your pipeline robust and cloud-ready.

0
Subscribe to my newsletter

Read articles from BHASHWANTH PALUKURI directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

BHASHWANTH PALUKURI
BHASHWANTH PALUKURI