Step 1: Build the Goof container image

Now that you’ve cloned the repo to your working environment, we’ll build a few container images that run our application examples in Amazon Elastic Kubernetes Service (EKS) but before we can do anything, we need to create some ECR repositories to house the build images so EKS has somewhere to pull them from.

Create the ECR repositories

The following commands will create 3 repositories for the images we will be building:

aws ecr create-repository --repository-name thumbnailer && \
aws ecr create-repository --repository-name todolist && \
aws ecr create-repository --repository-name log4shell-server

After each finishes you should get a JSON reponse similar to the following:

{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-2:012345678901:repository/thumbnailer",
        "registryId": "012345678901",
        "repositoryName": "thumbnailer",
        "repositoryUri": "012345678901.dkr.ecr.us-east-2.amazonaws.com/thumbnailer",
        "createdAt": "2023-06-05T16:02:53+00:00",
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": false
        },
        "encryptionConfiguration": {
            "encryptionType": "AES256"
        }
    }
}
Tip

Press q to exit the details of each created repository. If you need to retrieve your repository information in the future, you can run the command aws ecr describe-repositories to get a list of all your repositories.

In the response we want to copy the hostname part of the repositoryUri (not including the ‘/’ and anything after it) and paste it into command below which will store it in an environment variable for future use. Fortunately, those values are available in environment variables so this command collect them and store them in a REPO variable for our use in later steps:

export REPO=$AWS_ACCOUNTID.dkr.ecr.$AWS_REGION.amazonaws.com
echo $REPO

The output should look something like the following:

012345678901.dkr.ecr.us-east-2.amazonaws.com

Log into your repositories

Next, we log into our repositories (one command logs you into any of your repositories)

aws ecr get-login-password | docker login --username AWS --password-stdin $REPO

This should return a Login Succeeded repsonse.

Build container images

Now we will build the images. Be sure you are cd’ed into the cloned goof repo directory. (if you just completed the prerequisite sections, you might still be in the cloud9-setup sub-directory so run cd .. if needed.)

cd /Workshop/goof

Once you are in the right directory, run the following commands to build the container images.

docker build -t $REPO/thumbnailer:latest thumbnailer

docker build -t $REPO/todolist:latest todolist

docker build -t $REPO/log4shell-server:latest todolist/exploits/log4shell-server

When all of the build processes are complete, if you run docker images you should see three rows like this:

docker images
REPOSITORY         TAG       IMAGE ID       CREATED          SIZE
012345678901.dkr.ecr.us-east-2.amazonaws.com/log4shell-server   latest    a42b0d443129   10 minutes ago   535MB
012345678901.dkr.ecr.us-east-2.amazonaws.com/todolist           latest    57ad8c044dbd   15 minutes ago   612MB
012345678901.dkr.ecr.us-east-2.amazonaws.com/thumbnailer        latest    3406c6d949b4   20 minutes ago   941MB

Push container images to ECR

Next, we want to push the images to ECR but before we can push them we need to create their respective repositories.

docker push $REPO/thumbnailer:latest
docker push $REPO/todolist:latest
docker push $REPO/log4shell-server:latest

Once the pushes complete, log in to your ECR repositories to see your new image repositories.

ecr-repos ecr-repos

Tip

If your ECR Repositories list is empty, ensure you are looking at the correct region. This workshop defaults to us-west-2 (Oregon).