Connect to private ECR

Create the private ECR image

Initialization

cd src/private-ecr

# Create the .env file from the sample
cp .ecr.env.example .ecr.env
🎯 .ecr.env

Create the ECR repository

Run the script to create the ECR repository with Terraform

./run.sh apply_ecr

Wait for the script to finish. The output is similar to this:

...
Outputs:

ecr_repo_url = "685501949732.dkr.ecr.ap-northeast-1.amazonaws.com/labs/apprunner"
iam_access_key_id = "AKIAZ7GYZU4SLDZC6SU2"
iam_access_key_secret = <sensitive>
iam_user_name = "github_action"

After pushing first container image to ECR, run 'run.sh apply_app_runner' to deploy to AppRunner.

We have:

  • An ECR repository to push our container image to
  • A new IAM user with the permissions to pull/push to that ECR repo. We can use it in a GitHub workflow or any automation pipeline.

We can see the IAM username and the iam_access_key_id directly from the script output. To see the iam_access_key_secret, run ./run.sh show_secret_key.

Push container images to the ECR repository

Build and push container image manually

The above repository has a Dockerfile that can be used to build the container image. Read this document for the steps to push container images to a private ECR repository.
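The manual push as an added example (not part of the original repository or its run.sh): it validates the ecr_repo_url output, logs Docker in with a short-lived ECR token, then builds and pushes. The function names, the default tag `latest` and the script name push.sh are assumptions; the aws CLI and docker must be installed and the IAM user's keys exported in the environment.

```shell
#!/bin/sh
# Added example: manual build and push to the private ECR repository.
# Assumes aws CLI v2 and docker are installed, AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY are exported, and the Dockerfile is in the
# current directory.

# Validate an ecr_repo_url and print "<registry-host> <region> <repo-path>".
# Anything that is not a private ECR address is rejected, so a typo or a
# pasted Docker Hub name cannot send the image (or the login) elsewhere.
parse_ecr_url() (
  url=$1
  pattern='^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[a-z0-9._/-]+$'
  if ! printf '%s\n' "$url" | grep -Eq "$pattern"; then
    echo "not a private ECR repository URL: $url" >&2
    exit 1
  fi
  registry=${url%%/*}            # account.dkr.ecr.region.amazonaws.com
  region=${registry#*.dkr.ecr.}  # region.amazonaws.com
  region=${region%.amazonaws.com}
  echo "$registry $region ${url#*/}"
)

# push_image <ecr_repo_url> [tag]   (default tag "latest" is an assumption)
push_image() (
  url=$1
  tag=${2:-latest}
  parts=$(parse_ecr_url "$url") || exit 1
  set -- $parts                  # $1=registry $2=region $3=repo path
  registry=$1
  region=$2
  # The ECR token is valid for 12 hours. Feed it to docker on stdin so it
  # never appears in the process list or in shell history.
  token=$(aws ecr get-login-password --region "$region") || exit 1
  printf '%s' "$token" | docker login --username AWS --password-stdin "$registry" || exit 1
  docker build -t "$url:$tag" . || exit 1
  docker push "$url:$tag" || exit 1
  docker logout "$registry"      # drop the cached credential again
)

# Run only when called with arguments, e.g.:
#   ./push.sh "<ecr_repo_url from the Terraform output>" v1
if [ "$#" -gt 0 ]; then
  push_image "$@"
fi
```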

Use GitHub workflow

The cloned example repository comes with a workflow to build and push container images with GitHub Actions.

  • Create a GitHub repository in your account and push the cloned git repository there.
  • In the GitHub repository, navigate to Settings / Secrets
  • In the Action secrets page, click the New repository secret button to add these secrets:
    • AWS_ACCESS_KEY_ID: the iam_access_key_id from the previous step
    • AWS_SECRET_ACCESS_KEY: the iam_access_key_secret from the previous step
    • ECR_REPO_NAME: the value of ecr_repo_url output from the previous step

To build the first image tag, navigate to the Actions tab of the GitHub interface, select the Publish to ECR workflow, click the Run workflow dropdown, then click the Run workflow button with the main branch selected. Wait for the jobs to complete.

The workflow runs automatically every time a new commit is added to the main branch.

Create AppRunner service using the private ECR image

Run the script to create the AppRunner service with the private ECR

./run.sh apply_app_runner

Wait for the Terraform plan to be applied. The URL of the example application is shown in the Terraform outputs.

Cleanup

./run.sh destroy

This script removes the AppRunner service, the ECR repository, and the IAM user that was created in the first step.