Happened today that our CI system created a new Docker Image with a tag that was supposed to be used in production. So, we faced with a Docker Image tagged like the production one but it wasn’t the production one at all and, on the other hand, the Docker Image from production was there untagged. What should we do?
Actually, the process is quite simple if you know how to cope with that. First we have to log into the ECR Service.
$ $(aws ecr get-login --no-include-email --region eu-west-1) Login Succeeded
Then locate the sha256 and download the manifest.
$ MANIFEST=$(aws ecr batch-get-image --repository-name sandbox --image-ids imageDigest=sha256:e226e9aaa12beb32bfe65c571cb60605b2de13338866bc832bba0e39f6819365 --query 'images.imageManifest' --output text)
You can find the sha256 in the Image list, copy and paste the one belongs to the untagged image.
The manifest is basically all the layers which conform the Docker Image.
Then tag the image
$ aws ecr put-image --repository-name sandbox --image-tag backup --image-manifest "$MANIFEST"
Now, you are able to pull the new tagged image
docker pull myarn.amazonaws.com/sandbox:backup