AWS ECR Integration with EKS for Trendify Commerce

AWS ECR Integration with EKS for Trendify Commerce

AMJ Cloud Technologies partnered with Trendify Commerce, an e-commerce company, to streamline their containerized application deployment on AWS Elastic Kubernetes Service (EKS) by integrating AWS Elastic Container Registry (ECR). This project involved building a custom Docker image for a frontend microservice, pushing it to a private ECR repository, and deploying it on EKS with an Application Load Balancer (ALB) Ingress and Route 53 DNS (frontend.trendifycommerce.com). The solution eliminated manual container management, enhanced security, and ensured scalability for Trendify’s e-commerce platform.

Situation

Trendify Commerce relied on public container registries, posing security risks and complicating their deployment pipelines. Their existing EKS cluster required a secure, automated process for managing custom container images. AMJ was tasked with integrating ECR to store and deploy a Dockerized frontend microservice, ensuring secure access via HTTPS and automated DNS registration.

Task

The objectives were to:

• Create an ECR repository for the frontend microservice.
• Build and push a custom Docker image to ECR.
• Update Kubernetes manifests to use the ECR image.
• Deploy the microservice on EKS with ALB Ingress and External DNS.
• Verify access via https://frontend.trendifycommerce.com.
• Complete the project within one month.

Action

Our team executed the following steps, adhering to AWS and Kubernetes best practices:

Prerequisites

• Used Trendify’s existing EKS cluster (ecommerce-cluster, version 1.31) with AWS CLI v2 and Docker Desktop installed locally:

  aws --version
  docker --version
  

• Configured AWS CLI with credentials:

  aws configure
  

• Ensured AWS Load Balancer Controller (v2.8.0) and External DNS were running:

  helm install load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=ecommerce-cluster --set image.tag=v2.8.0
  helm install external-dns external-dns/external-dns -n kube-system --set provider=aws --set aws.region=us-east-1
  kubectl get pods -n kube-system
  

• Verified EKS worker node IAM role had AmazonEC2ContainerRegistryReadOnly policy:

  aws iam list-attached-role-policies --role-name <node-role-name>
  

Create ECR Repository

• Created an ECR repository via AWS CLI:

  aws ecr create-repository --repository-name ecommerce-frontend --region us-east-1
  

• Enabled tag immutability and scan-on-push:

  aws ecr put-image-tag-mutability --repository-name ecommerce-frontend --image-tag-mutability IMMUTABLE --region us-east-1
  aws ecr put-image-scanning-configuration --repository-name ecommerce-frontend --image-scanning-configuration scanOnPush=true --region us-east-1
  

Build and Push Docker Image

• Created a custom index.html for the frontend:

  <!DOCTYPE html>
  <html>
    <body style="background-color:rgb(217, 250, 210);">
      <h1>Welcome to Trendify Commerce</h1>
      <h3>AWS EKS & ECR Integration</h3>
    </body>
  </html>
  

• Defined a Dockerfile:

  FROM nginx:latest
  COPY index.html /usr/share/nginx/html/index.html
  

• Built and tested the Docker image locally:

  docker build -t <account-id>.dkr.ecr.us-east-1.amazonaws.com/ecommerce-frontend:1.0.0 .
  docker run --name frontend -p 80:80 --rm -d <account-id>.dkr.ecr.us-east-1.amazonaws.com/ecommerce-frontend:1.0.0
  curl http://localhost
  docker stop frontend
  

• Authenticated Docker to ECR and pushed the image:

  aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
  docker push <account-id>.dkr.ecr.us-east-1.amazonaws.com/ecommerce-frontend:1.0.0
  

• Verified image and scan results in the AWS ECR Console.

Deploy to EKS

• Configured Kubernetes manifests for deployment:

  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: frontend-deployment
    labels:
      app: frontend
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: frontend
    template:
      metadata:
        labels:
          app: frontend
      spec:
        containers:
          - name: frontend
            image: <account-id>.dkr.ecr.us-east-1.amazonaws.com/ecommerce-frontend:1.0.0
            ports:
              - containerPort: 80
            resources:
              requests:
                memory: "128Mi"
                cpu: "500m"
              limits:
                memory: "256Mi"
                cpu: "1000m"
  

• Configured NodePort Service:

  apiVersion: v1
  kind: Service
  metadata:
    name: frontend-service
    labels:
      app: frontend
    annotations:
      alb.ingress.kubernetes.io/healthcheck-path: /index.html
  spec:
    type: NodePort
    selector:
      app: frontend
    ports:
      - port: 80
        targetPort: 80
  

• Configured ALB Ingress with External DNS:

  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: frontend-ingress
    labels:
      app: frontend
    annotations:
      alb.ingress.kubernetes.io/load-balancer-name: ecommerce-ingress
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:<account-id>:certificate/<certificate-id>
      alb.ingress.kubernetes.io/ssl-redirect: "443"
      external-dns.alpha.kubernetes.io/hostname: frontend.trendifycommerce.com
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
      alb.ingress.kubernetes.io/healthcheck-interval-seconds: "15"
      alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
      alb.ingress.kubernetes.io/success-codes: "200"
      alb.ingress.kubernetes.io/healthy-threshold-count: "2"
      alb.ingress.kubernetes.io/unhealthy-threshold-count: "2"
  spec:
    ingressClassName: alb-ingress-class
    rules:
      - http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: frontend-service
                  port:
                    number: 80
  

• Deployed manifests:

  kubectl apply -f manifests/
  

• Verified deployment:

  kubectl get deploy,svc,po,ingress
  kubectl get nodes -o wide
  

Test Application Access

• Verified HTTPS access after ALB provisioning and Route 53 DNS registration:

  https://frontend.trendifycommerce.com/index.html
  

• Checked External DNS logs:

  kubectl logs -f $(kubectl get po -n kube-system | egrep -o 'external-dns[A-Za-z0-9-]+')
  

Result

The project delivered a secure, scalable solution for Trendify Commerce:

• Scalability Achievement: Deployed a scalable frontend microservice on EKS with automated load balancing.
• Automation Level: Fully automated Docker image build, ECR push, and EKS deployment.
• Security Improvement: Secured container images in a private ECR repository with vulnerability scanning and HTTPS access.

Technologies Used

• AWS EKS
• AWS Elastic Container Registry (ECR)
• AWS Load Balancer Controller
• Kubernetes Ingress
• External DNS
• Application Load Balancer
• AWS Route 53
• AWS Certificate Manager
• Docker

Key Takeaways

This case study highlights AMJ Cloud Technologies’ expertise in integrating AWS ECR with EKS for Trendify Commerce’s e-commerce platform. The automated pipeline, private registry, and secure deployment provide a model for containerized applications in high-traffic environments.