tiero - Fotolia


Build and manage Docker container images with two AWS tools

Developers can use Amazon ECR or AWS OpsWorks to configure container images. While one service offers more control, the other integrates with Chef.

Developers building containers have two options in AWS to facilitate application packaging and deployment. Both...

services offer varying levels of granularity and require different skill sets.

The Amazon EC2 Container Registry (Amazon ECR) makes it easier to store, manage and deploy Docker container images. Developers can host Docker container images in a highly available architecture and integrate them with AWS Identity and Access Management (IAM) for security. The service also integrates with Amazon EC2 Container Service (ECS) to provision container clusters and improve scalability.

Alternatively, AWS OpsWorks is a configuration management service that's based on open source Chef; the service provisions compute, storage and application resources, such as containers. It uses Chef recipes to dynamically generate server configurations and application infrastructure in code. Developers built the open source configuration framework that led to OpsWorks, and that community later added orchestration capabilities. The service is useful when specifying the number of server instances, applications servers and storage capacity desired for each resource.

OpsWorks requires less storage space to manage than ECR, as developers manage text-based Chef recipes, instead of storing images as larger binary files in the registry. OpsWorks also provides greater granularity for Docker container images, which generate along with the supporting infrastructure. Amazon ECR gives developers greater control when building Docker container images and facilitates application testing.

The service also uses ECS Cluster layers to ease deployment and better manage containers. Admins must set up appropriate IAM permissions for the OpsWorks instance; they can then customize container instances with Chef recipes when installing an OS and manage package updates on the cluster.

AWS OpsWorks also integrates into the AWS CloudFormation command-line interface to enable IT teams to launch other services. It offers greater control over app infrastructure than CloudFormation does, as that service requires teams to describe all required resources.

EC2 Container Registry liberates developers

IT teams can use a wide variety of tools to build Docker images. Many app developers discover that certain tools, such as Jenkins or Docker Community Edition, make it easier to customize existing Docker images and store them in ECR.

Amazon ECR offers greater control over containers and protects application infrastructure from problems that occur when application packages or libraries update. Developers can also more easily test applications in their development environments, whether or not they're connected to the internet.

AWS enhanced its stable of distributed app tools with improvements to CloudFormation and ECS, decreasing the need for a separate configuration management tool. Often, enterprises that work with Chef prefer OpsWorks. Otherwise, ECR offers better control for developers, testers and product teams, enabling them to tailor containers as needed.

Next Steps

Build Docker images with AWS CodeBuild

Make sense of containers in Amazon EC2 Container Service

Automate configuration security with AWS OpsWorks

Dig Deeper on AWS instances strategy and setup