How can I push a prebuilt image from Docker Hub (or another ECR) repository to my fresh ECR repository, pushing from within an unprivileged Fargate container on ECS?
Why:
I set up Amazon ECS and scaffold the setup using a standard image I currently host in Docker Hub. All the setup is done with Terraform, which also pulls and pushes the image from Docker Hub to ECR so the ECS service can start pulling the image.
Terraform:
- Setup ECR
- <- Pull image from DockerHub
- -> Push image to ECR
- Setup ECS (service and task definition)
Now I want to move the Terraform run from my local macOS to a pipeline which runs on ECS as a container. As I make use of the kreuzwerker/docker provider, I depend on the Docker runtime. Sadly, Fargate ECS does not support Docker in Docker, and I'm kind of stuck on how to "set up" ECR with my prebuilt image.
Any help would be appreciated.
What I considered so far:
- skopeo - maybe the ultimate solution, but has no native Terraform support
- kaniko - potentially a solution, but I would need a lot of work to set it up inside my pipeline and do not know how to embed it into Terraform
- aws ecr CLI - does not support pull and push commands
- Docker in Docker - is not supported by Fargate as it does not allow privileged containers
- sysbox - requires a change of runtime and is also not supported in Fargate