Skip to main content
Welcome back. In this lesson we’ll verify that the Docker image pushed to Amazon ECR runs correctly from an AWS Cloud9 environment. You’ll see the typical build spec we used, how to authenticate Docker with ECR, pull the image, run it locally, and validate the app is reachable.

Build spec (for reference)

This is the CodeBuild buildspec that builds, tags, and pushes the image to ECR:

After committing changes

Here is the local git output after pushing changes to CodeCommit:

Common error when pulling without authentication

If you try to docker pull a private ECR image without logging in, Docker returns a no credentials error:
Docker must be authenticated against ECR before pulling private images. Use the aws ecr get-login-password command and pipe it into docker login. Be sure to use the correct region (for example, eu-central-1) or export an environment variable such as AWS_DEFAULT_REGION beforehand.

Authenticate, pull, and run (commands)

Example explicit login (eu-central-1) and pull:
Combined sequence (login then pull):
Quick reference of the essential commands:
The image shows an Amazon Elastic Container Registry (ECR) interface with a repository named "cryptoproject," displaying one image tagged "latest" along with details such as size and digest.

Run the container in Cloud9 and validate

Start the container and map the app port (the app listens on port 5000):
To confirm the app is reachable from your browser:
  1. In the AWS Console navigate to EC2 and select the instance that hosts your Cloud9 environment (or the EC2 instance you’re using).
  2. Copy the instance Public IP address.
  3. Ensure the instance Security Group allows inbound TCP on port 5000 from your source IP (or use the Cloud9 preview feature).
  4. Open your browser and visit http://<PUBLIC_IP>:5000 (replace <PUBLIC_IP> with the copied address).
The application UI should appear. Example credentials used in this demo:
  • Username: admin
  • Password: password123
Test core flows such as Login, Order Now, and submitting an order to ensure the image behaves the same as the locally built container.
Tip: If you prefer an environment variable for the region, export it first:
Then authenticate with:
Security reminder: Avoid opening port 5000 to the public internet in production. Limit access via the EC2 Security Group to trusted IPs or use an SSH tunnel / VPN. Exposing management interfaces publicly can lead to unauthorized access.

What this enables

With the image in ECR and the CodeBuild pipeline in place, commits to CodeCommit can trigger rebuilds and pushes to ECR automatically. Once images are in ECR you can choose deployment targets such as Amazon ECS, Amazon EKS, AWS Lambda (container images), or plain EC2 instances. That’s it for this lesson — see you in the next one.

References

Watch Video