Continuous integration and continuous deployment (CI/CD) are crucial in today’s fast-paced software development environment. AWS CodeBuild, combined with Amazon Elastic Container Registry (ECR), offers a seamless way to build, test, and push Docker containers. This guide will walk you through setting up a CodeBuild job to build containers and push them to Amazon ECR.

Prerequisites

Before we start, ensure you have the following:

  1. AWS Account: You need an active AWS account.
  2. IAM Permissions: Proper IAM roles and permissions to use CodeBuild, ECR, and other AWS services.
  3. Dockerfile: A Dockerfile ready in your project repository.

Step 1: Create an Amazon ECR Repository

  1. Log in to the AWS Management Console and open the Amazon ECR console.
  2. Create a repository:
    • Click on “Create repository”.
    • Enter a name for your repository.
    • Choose visibility settings (Private/Public).
    • Click on “Create repository”.

Step 2: Set Up IAM Role for CodeBuild

  1. Navigate to the IAM console and click on “Roles”.
  2. Create a new role:
    • Select “CodeBuild” as the service.
    • Attach the managed policy “AmazonEC2ContainerRegistryFullAccess”.
    • Attach additional policies for S3, CloudWatch, and other resources if needed.
    • Name your role and create it.
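
A narrower alternative to the managed policy, as an added example that is not part of the original guide: AmazonEC2ContainerRegistryFullAccess allows every ECR action on every repository in the account, while the buildspec in Step 3 only logs in and pushes to one repository. The inline policy below grants just those actions. The region and the <account-id> and <repository-name> placeholders follow the sample buildspec, and the Sid values are illustrative names.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrLogin",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToOneRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "arn:aws:ecr:us-west-2:<account-id>:repository/<repository-name>"
    }
  ]
}
```

ecr:GetAuthorizationToken does not support resource-level scoping, which is why the first statement uses "*". Add ecr:BatchGetImage and ecr:GetDownloadUrlForLayer to the second statement only if the build also pulls images from this repository.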

Step 3: Create a CodeBuild Project

  1. Open the CodeBuild console and click on “Create project”.
  2. Configure project settings:
    • Project name: Enter a meaningful name.
    • Source provider: Select your source provider (e.g., GitHub, CodeCommit).
    • Environment: Choose the environment image managed by AWS CodeBuild or a custom image.
    • Service role: Choose the IAM role created earlier.
  3. Buildspec file: Define a buildspec file or provide one in the root directory of your repository.

Sample buildspec.yml:

version: 0.2

phases:
  install:
    runtime-versions:
      docker: 19
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      # --password-stdin keeps the registry token off the command line
      - aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-west-2.amazonaws.com
      - REPOSITORY_URI=<account-id>.dkr.ecr.us-west-2.amazonaws.com/<repository-name>
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $REPOSITORY_URI:latest .
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $REPOSITORY_URI:latest

artifacts:
  files: '**/*'

Replace <account-id> and <repository-name> with your account ID and repository name.

Step 4: Trigger the Build

  1. Start a build manually or set up a webhook for automatic triggers based on code changes.
  2. Monitor the build in the CodeBuild console to ensure it completes successfully.

Step 5: Verify the Image in Amazon ECR

  1. Open the ECR console and navigate to your repository.
  2. Check the image that was pushed by CodeBuild.

Conclusion

Setting up a CodeBuild job to build and push Docker containers to Amazon ECR streamlines your CI/CD pipeline, making it efficient and reliable. Following the steps outlined, you can automate your container build process and focus on developing and deploying applications faster.