The ECR-Lambda Story


Introduction

With Lambda support for OCI container images, customers now have more options for packaging formats. Developers get the event-driven runtime model and cost savings of AWS Lambda while keeping the predictability and control of a container-based development and deployment cycle.

Understanding the ECR

Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker container registry service offered by Amazon Web Services (AWS). Developers can use it to store, manage, and deploy Docker container images. ECR's strong integration with other AWS services makes it simpler to create, store, and deploy containerized apps.

Key Features and Aspects of ECR

Private Docker Registry

You can store your Docker images using the secure, private Docker container registry offered by Amazon ECR in a highly available, scalable architecture.

Integration with Amazon ECS and Kubernetes

ECR integrates seamlessly with Amazon Elastic Container Service (ECS) and Kubernetes, which makes it simple to deploy and manage containers using these orchestration services.

Security and Access Control

Using AWS Identity and Access Management (IAM) policies, ECR enables you to restrict access to your container images. To limit who can push, pull, or manage images within your registry, you can specify granular permissions.

Scalability and Availability

To satisfy the needs of your containerized applications, ECR scales automatically. Your container images will always be accessible thanks to the high availability it offers across several AWS Availability Zones.

Lifecycle Policies

With ECR's lifecycle policies, you can automatically remove outdated or unused images. This ensures that only relevant images are kept and lowers storage costs.

Image Vulnerability Scanning

ECR offers image vulnerability scanning through an integration with Amazon Inspector. Use it to find and reduce potential security issues in your container images.

Encryption

ECR supports encryption both at rest and in transit, ensuring the security of your container images and data.

Docker CLI Integration

Developers are able to push and pull images using well-known Docker commands thanks to ECR's seamless integration with the Docker CLI.

Versioning

Container image versioning is supported by ECR. A distinct version identifier is automatically assigned to each new image sent to the registry.

Logging and Monitoring

ECR offers thorough logging and monitoring tools. You may set up CloudWatch Alarms, keep an eye on registry-level events, and learn more about how people use and access images.

Cost-Effective

ECR offers a pay-as-you-go pricing model, ensuring that you only pay for the storage and data transfer you use.

When I started learning more about DevOps, ECR, EKS, ECS, etc., something struck my mind! Yes, I did an academic project with Great Learning with these things on the go. It's a great time to rewind some ECR, Docker, and Lambda concepts and how these can work together. There are multiple ways to perform this project. If you are a DevOps pro and want to use Terraform to create this infrastructure, you sure can!! It will all happen in one go (😉 provided all the configuration written is correct).

Architecture

The Process

Here is the link to access the repository for the files necessary to perform the same project.

1> Setup an EC2 instance with the below configuration:

Base OS / AMI: Amazon Linux (ami-041feb57c611358bd)

VPC: Default VPC

Instance type: t2.micro

2> I had created a profile on IAM in AWS with administrator access earlier, but you can create one now with the same role. I named the role LabInstanceProfile.

3> Now, once this IAM role is created and we have the instance in the running state, attach the IAM role to the instance using the options "Actions > Security > Modify IAM role".

4> I had the zip folder for the project under the folder structure Desktop > Devops Tasks. So I changed my working directory to the same and checked if all the files were present using the cd and ls commands...

Great!! Now all that we need to do is ensure that the key to ssh into the EC2 instance and the OCI folder are in the same folder. So, I just moved it.

5> Now, copy the OCI.zip folder into the EC2 instance, specifically under the /home/ec2-user path:

Let me break that command for a better understanding:

6> ssh into the instance

7> Now update the machine and install the unzip utility using the below commands:

sudo yum update

sudo yum install unzip

8> We are ready to unzip the folder and check for the contents in OCI folder.

9> Great! Now that the contents have unfolded, let's see what is inside the Dockerfile.

All the Dockerfile is doing is installing the requirements, which are detailed in the requirements.txt file, copied from the content folder.

10> The next step is to install Docker to ensure that we can run Docker-related commands. So we can run the below commands to install Docker and start the Docker service. Once done, check the status.

sudo yum install docker

sudo systemctl start docker

sudo systemctl status docker

11> Start the Docker service and ensure that the permissions are set right.

12> At this point, make sure to log out of the session and connect back so that you can run docker commands without any issues.

13> Now is the time to install AWS CLI

Since I already had it installed on my machine, I was shown a message "Nothing to do."

14> Configure the AWS CLI with the defaults using

aws configure

Note: Leave every prompt at its default so that nothing restricts what the CLI and the account can execute.

15> Time to build the Docker image!!

Boom!!! The Docker image is now built.

16> Time to check the images

17> Navigate to the ECR service under the homepage of AWS.

18> Click on "Get Started" under the "Create a repository" section. You can also do this using the Hamburger menu and selecting Repositories

Provide the private repository name. I named mine "lambda_ecr".

19> Once the repository is created, we can start using the push commands to push the image to the repository we created. Click on "View Push Commands" to view the commands.

Follow the set of commands and the process shown to upload the image to the repository

On executing all those commands, the image must now be on the ECR repository that we created. Let's quickly check it out

Well!! There is our image with the tag latest 😎😎

20> Time to build the Lambda function now. Search for the "Lambda" service from the console.

21> Click on the "Create function" option

22> We would need a container image to be deployed so we will choose the "container image" option from the list

Fill in the details.

Once this is done and we select create function, the Lambda service starts building.

23> Move to the "Test" tab, provide the event name, and then click on "Test".

That's all... This execution will trigger the container we just built 😎😎😎!!

After all the execution, please make sure you delete all the resources you created to avoid the bill.
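
As an added example (not from the original post or its repository): a policy for the instance role scoped to registry login and pushing into the single repository, in place of administrator access, together with the login, tag and push sequence from step 19. The account ID and region are placeholder arguments, the function names are hypothetical, and the action list is an assumed starting point for a push-only role.

```shell
#!/bin/sh
# Added example, not from the original post. Account ID and region are
# placeholder arguments; lambda_ecr is the repository name used in the post.
REPO_RE='^[a-z0-9]+([._/-][a-z0-9]+)*$'   # simplified repository-name check (assumption)
NL='
'

# valid VALUE REGEX: succeeds only for a single-line value matching REGEX.
valid() {
  case $1 in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

# Registry host for account $1 in region $2; fails on malformed input.
ecr_registry() {
  valid "$1" '^[0-9]{12}$' && valid "$2" '^[a-z]{2}(-[a-z]+)+-[0-9]$' || return 1
  printf '%s.dkr.ecr.%s.amazonaws.com' "$1" "$2"
}

# IAM policy for the instance role: registry login plus push to ONE repository.
push_policy() {
  ecr_registry "$1" "$2" >/dev/null && valid "$3" "$REPO_RE" || return 1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "EcrLogin", "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken", "Resource": "*" },
    { "Sid": "PushToOneRepo", "Effect": "Allow",
      "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
                  "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage" ],
      "Resource": "arn:aws:ecr:$2:$1:repository/$3" }
  ]
}
EOF
}

# Login, tag and push using the instance role's temporary credentials.
# Needs docker and the AWS CLI, so it is defined here but not called.
push_image() {
  reg=$(ecr_registry "$1" "$2") && valid "$3" "$REPO_RE" || return 1
  aws ecr get-login-password --region "$2" |
    docker login --username AWS --password-stdin "$reg" || return 1
  docker tag "$3:latest" "$reg/$3:latest" &&
    docker push "$reg/$3:latest"
}
```

Run `push_policy 123456789012 us-east-1 lambda_ecr` with your own account ID and region (the values shown are constructed samples) and attach the printed document to the instance role.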

Conclusion

By offering a safe, scalable, and fully managed container registry service, Amazon ECR makes managing Docker containers easier. Because it offers easy connectivity with other AWS services, it is especially helpful for businesses using containerized applications in AWS settings. ECR is an easy way to store Docker containers for an organization, and when integrated with Lambda functions, this can be a fantastic tool to deploy configurations quickly.
