Build a Docker image on top of CodeBuild Docker Image - amazon-web-services

As AWS CodeBuild provides "Docker" curated images (http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html),
I'd like to reuse one of those to build my custom CodeBuild Image (http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker-custom-image.html).
I don't know the CodeBuild Registry Url.
How to reference those images (FROM) ?
I could rebuild myself the image I need (https://github.com/aws/aws-codebuild-docker-images) and host it in a private ECR but it's wasting time and storage.

CodeBuild's internal Docker repository used for Curated Images is not publicly accessible. You should build your own base image from the official Dockerfiles.

The AWS CodeBuild provides also a console where you can use these images. I think they use Amazon EC2 Repository to provide these internally, like the one you can use. but there isn't a public registry (or I already haven't found).
You can find these images to create Docker machines using the build spec defined by Amazon
http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html

I found this public image but is not official:
https://hub.docker.com/r/sandorzelei/aws-codebuild/
So you can use it as follows:
FROM sandorzelei/aws-codebuild

Related

Can I permit AWS IAM users to set ECR image tags but not push images?

Our CD infrastructure deploys Docker images to our ECR repositories. In each repository, there's a latest tag, which is what runs when you (re)start that service.
I'd like to be able to grant IAM users permission to change which deployed image is used by setting the latest tag to another image in the repository, e.g. to roll back to an earlier version after a bad deploy.
The AWS ECR docs for Retagging an image say that you do so by calling aws ecr put-image, but I don't want to enable people to upload arbitrary images of their own devising, just to choose which of the images that came through CD is latest.
It seems like I can grant ecr:PutImage without ecr:InitiateLayerUpload / ecr:CompleteLayerUpload, but it seems like Amazon docs aren't targeting this use case, so I find it tricky to work out what powers this actually grants. What can someone do with the ability to set arbitrary image manifests, if they can't upload images themselves? Or is there some other way to allow people to set tags but do nothing else?

AWS SageMaker - Upload our own docker image

I am new to AWS SageMaker and i am using this technology for building and training the machine learning models. I have now developed a docker image which contains our custom code for tensorflow. I would like to upload this custom docker image to AWS SageMaker and make use of it.
I have searched various links but could not find proper information on how to upload our own custom docker image.
Can you please suggest me the recommended links regarding the process of uploading our own docker image to AWS SageMaker?
In order to work with sagemaker, you have to push your container to ECR. The most important thing is that the container must be "adapted" to be complaint to what sagemaker requires, but everything is described here. In addition if you want to take a look to an example, here is mine.. where I use my container with TF Object Detection API in AWS Sagemaker.

Configure ECR as a proxy that pulls from Docker Hub

Lets say I have an EKS cluster, an EC2 instance and my local machine, I can pull images from my private ECR without any issues. But when I pull a generic image like nginx, it will come from Docker Hub straight to me. Would it be possible to redirect this pull to enter my ECR first (so that it gets scanned for vulnerabilities, and maybe even for caching purposes perhaps) and then from my ECR to where I pulled from?
If this is not possible, what would be a good alternative?
AWS container team person here. Can you clarify one thing? Would you be ok to point your manifests to ECR (acting as a hub/cache for external registries) or do you want to keep your manifests pointing to DockerHub but somewhat transparently go through ECR for caching? I am asking because we are working on the former scenario.
You can subscribe here to see the progress and leave comments.
It is not possible to redirect your request to pull generic image to ECR and then to Docker Hub.
I understand your concern to pull images from Docker Hub directly. So what you can do what we have done in our projects is:
pull generic image from Docker Hub for one time
Using that image, build your own image with any customisations you may require or not.
Publish the newly created image to your ECR repo.
Going forward use your only ECR repo to pull that image.
In this way, you will have full control on the image you have. Also, it would be more secure to pull it from your ECR repo rather then again and again using Docker Hub. Also, you can do any customisation you want.

How to Package and provide web app in AWS

I have web application tar file. I have created docker image for the same. I will be using a private docker registry (Due to security reasons). I have written Helm charts to use the image in Kubernetes (Kept it in Private helm repo). So if anyone want to install the APP using docker image on EKS feature of AWS, what would be the best way I can package my app and give it to them ?
Basic requirement is It shouldn't be available to everyone for installation. Only the one's approved by me can install.
Thanks in advance.
You can push it to their private container registry. If they are using AWS you can use ECR. You can find more information on how to push the image here
Basically, they would need to create an IAM user/role for you to be able to push to their AWS account.

AWS & Docker image

I have created a local image based on CentOS with a specific application running on it. Running the application locally on my machine works fine. I want to take this image and upload it to AWS (preferably to an ElasticBeanstalk instance but I can work with other types).
I cannot upload the image to a image repository like docker hub or other type The application is by a third party and they gave us special permission to make the image and run it on AWS but we can not place the image in a repository.
Is there a way to just export my docker image (I have the saved TAR file) and upload it to AWS and have them use it directly? I've searched and searched and not found anything showing how to do that, all I have found indicate you have to have it in a repository or upload the code to AWS and have it build the image.
Thank you