将 Docker 图像从 S3 上传到 ECR

Question

Right now I am creating an application which a user needs to be able to upload a docker image that can be eventually run on ECS. Ideally I would like the user to have a presigned url where they can upload to ECR, but this doesn't seem possible.

As a work around to this I was going to have a user upload their docker image to s3 using a presigned url and then try make something that can upload this image on s3 to ECR. Does anyone have a suggestion on how I can take this docker image on s3 and move it to ECR, or another approach to where a user can upload a docker image to ecr directly.

Thanks I am new to ECS and ECR so any advice would be appreciated.

Answer 1

The first thing you need to understand is that a Docker image is not a single file. It is a collection of files (along with a manifest) that hold the different layers of the filesystem. Different images can (and usually do) share the same layers. The Docker registry (ie, ECR) manages these layers as individual files, and serves them to the Docker daemon (ie, ECS) as needed.

Ideally I would like the user to have a presigned url where they can upload to ECR

Assuming that the user has a Docker daemon running (which they must, in order to build a Docker image), you can provide them with a login token that allow them to do a docker push to ECR. You probably already do this:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com

If you want to do this programmatically, you would call the GetAuthorizationToken API. The token that you get will be valid for 12 hours (unfortunately, no way to increase or decrease).