An official Docker Image with the AWS CLI for use in CI/CD scenarios

[matti]

I read Issue #3529 and #3291 and saw those were closed, with the only reaction hinting it was 'not that complicated'. However, the comment also acknowledged that doing this yourself would run the risk of being out of date. Apart from exactly that point, I would also like to point out that, for commercial users, having an official Amazon image is hugely preferential to "/aws-cli:latest".

In my case, I would be using this in a Google Cloud Build because it is far superior than AWS CodeBuild.

[nscavell]

I am here because I too am looking for an official aws-cli docker image to use in my CI/CD environment. Instead I am now going to create ANOTHER pipeline to build a docker image which includes the aws cli when I could just reference the official one in my original pipeline.

Also...someone else gets it too https://hub.docker.com/r/google/cloud-sdk.

[justnance]

@matti and @nscavell, Thank you for following up on this topic. Sounds like there enough interest in this feature request to keep this open. This issue will be used to track an official Docker image for the AWS CLI. Please +1 it to show interest and help us prioritize this.

Thanks.

[matti]

Isn't +1 considered harmful ;)

Anyway this is the third (?) issue created about this...

[Deamon]

👍 add my +1

I have to create my own docker image to only include awsCLI in my CI. I would prefere an official one

[tim-palmer]

+1

[fraajad]

+1

[mathiewz]

+1

[derickson82]

+1

[riznob]

+1

[robert-smith-nike]

+1

[harsha91]

+1

[ecimionatto]

+1

[QualityADHD]

+1

[matti]

@justnance enough?

[nidi3]

+1

[ina-stoyanova]

+1

[lunarxlark]

+1

[davidconde]

+1

[nhoughto]

Another reason is when using an OS like coreOS that has no package management the idiomatic way of running things is via a container. I'm surprised the need for this would even be questioned, is an obvious omission. 👍

+1

[serlank]

👍

[cduris]

+1

[sigursoft]

+1

[jacky-tam]

+1

[dataplex]

+1

[kvc-code]

+1

[Rabadash8820]

As the opener of #3291 (the earliest of the three quoted Issues lol), I'm glad to see that this issue is finally gaining traction. To all future responders, when @justnance says "Please +1 it to show interest", he means add a like on the first comment, that's the proper way to +1 things on GitHub so that you're not spamming the maintainers' mailboxes.

[creduo]

This doesn't look like well maintained, but here's another one

https://hub.docker.com/r/amazon/lambda-build-node10.x

[pablosjv]

I have just spotted this into the wild: https://hub.docker.com/r/amazon/aws-cli

It seems that it's finally here :)

[anjakammer]

@pablosjv it is not an official or certified image. Be aware of that.

[lucasbasquerotto]

@anjakammer It seems it's an official amazon image, even though it's not an official image published by Docker.

I don't know if it's production ready tough, because they said nothing in this issue yet.

[scarytom]

Curious how this AWS image is 98.42 MB whereas others (e.g. atlassian/pipelines-awscli) are much smaller.

[mbaitelman]

https://aws.amazon.com/blogs/developer/aws-cli-v2-docker-image/

[kyleknap]

CLI team member here. Yep I can confirm we have officially launched a Docker image for the AWS CLI v2! I recommend reading the following:

• Blog post introducing it: https://aws.amazon.com/blogs/developer/aws-cli-v2-docker-image/
• User guide entry: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-docker.html
• DockerHub repository: https://hub.docker.com/r/amazon/aws-cli

I'm going to close out this issue. If you have feedback or questions about the image, please open another GitHub issue in this repository.

[Rabadash8820]

As opener of the original issue #3291, those many years ago, my aching ❤️ is filled with such joy to see my concerns finally validated, and an official Docker image now available. Pot shots about how long it took to make this image aside, I'm sure this was much easier said than done, so a big thanks to the Amazon devs who made this happen. You all do excellent work. 👏🎉👏

Okay Alexa, I thanked them, please let my family go now.

[zerkms]

Is the Dockerfile available anywhere?

[dbirks]

@zerkms Aha, found it in the v2 branch:
https://github.com/aws/aws-cli/blob/v2/docker/Dockerfile

[pSnehanshu]

I guess they are finally doing it, but I couldn't get it to run on Gitlab CI https://hub.docker.com/r/amazon/aws-cli

I'm instead using Gitlab's AWS CLI docker image, and it works perfectly. Just use

image: registry.gitlab.com/gitlab-org/cloud-deploy:latest

UPDATE:

The above image is deprecated, use the new one instead.

image: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest

[mikesir87]

Note that to use the image on GitLab CI, you will need to manually set an empty entrypoint, as the amazon/aws-cli image sets the entrypoint to /usr/local/bin/aws. An example...

image:
    name: amazon/aws-cli
    entrypoint: [""]

[pSnehanshu]

@mikesir87 why's that?

[lucasbasquerotto]

@pSnehanshu I think that's because you run the image as if it was the cli itself, like docker run --rm amazon/aws-cli <<command>>, which would be similar to running the cli with aws <<command>>, instead of docker run --rm amazon/aws-cli aws <<command>>. There are pros and cons with each approach, depending on what you prefer, and the way you run the image, but overriding the entrypoint should do the trick anyway.

[pSnehanshu]

@lucasbasquerotto I have settled for Gitlab's image anyway. Anyway, thanks for the explanation.

[blagerweij]

In case anyone is still interested to get AWS CLI v2 working on Alpine Linux, here's an example Dockerfile:

FROM alpine:3.11 AS builder

ENV GLIBC_VER=2.31-r0

# install glibc compatibility for alpine
RUN apk add --no-cache --virtual .build-deps \
        binutils \
        curl
RUN curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub
RUN curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk
RUN curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk
RUN apk add --no-cache \
        glibc-${GLIBC_VER}.apk \
        glibc-bin-${GLIBC_VER}.apk

# install AWS CLI
RUN curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
RUN unzip awscliv2.zip
RUN aws/install

FROM alpine:3.11
MAINTAINER Barry Lagerweij
RUN apk --update --no-cache --virtual .build-deps add \
    groff \
    && rm -rf /var/cache/apk/*
COPY --from=builder /usr/local/aws-cli/ /usr/local/aws-cli/
COPY --from=builder /usr/local/bin/ /usr/local/bin/
COPY --from=builder /usr/lib/ /usr/lib/
COPY --from=builder /lib64 /lib64
COPY --from=builder /usr/glibc-compat/ /usr/glibc-compat/
COPY --from=builder /lib/ld-linux-x86-64.so.2 /lib/

The problem was that AWS CLI v2 uses GLIBC, but Alpine Linux has limited GLIBC support (it uses 'musl', a light-weight alternative). The Dockerfile above installs the missing glibc libraries, and uses a multi-stage Dockerfile to keep the final image small. With a bit of effort, we can probably reduce the image size even further by only including the files from /usr/lib that are really required.

[blagerweij]

After some refactorings, I've managed to reduce the image size even further:

ARG ALPINE_VERSION=3.15.4

FROM alpine:${ALPINE_VERSION}

ARG GLIBC_VERSION=2.34-r0
ARG AWSCLI_VERSION=2.6.1

# install glibc compatibility for alpine
RUN apk --no-cache add \
        binutils \
        curl \
    && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk \
    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk \
    && apk add --no-cache \
        glibc-${GLIBC_VERSION}.apk \
        glibc-bin-${GLIBC_VERSION}.apk \
        glibc-i18n-${GLIBC_VERSION}.apk \
    && /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \
    && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip \
    && unzip awscliv2.zip \
    && aws/install \
    && rm -rf \
        awscliv2.zip \
        aws \
        /usr/local/aws-cli/v2/current/dist/aws_completer \
        /usr/local/aws-cli/v2/current/dist/awscli/data/ac.index \
        /usr/local/aws-cli/v2/current/dist/awscli/examples \
        glibc-*.apk \
    && find /usr/local/aws-cli/v2/current/dist/awscli/botocore/data -name examples-1.json -delete \
    && apk --no-cache del \
        binutils \
        curl \
    && rm -rf /var/cache/apk/*

The auto-complete index and example files are removed, and also 'groff' is removed (I'm assuming people don't need help pages in their Docker images)

[flaccid]

This is very simple, https://github.com/flaccid/docker-awscli/blob/master/Dockerfile and does the job but let me know via my github issues if anything else is needed in the image (valid use case).

[blagerweij]

This is very simple, https://github.com/flaccid/docker-awscli/blob/master/Dockerfile and does the job but let me know via my github issues if anything else is needed in the image (valid use case).

The above APK is based on AWS-CLI 1.18, not on the v2 CLI.

[keeganwitt]

Any chance Amazon would consider creating an image with version 1 of the CLI?

[Rabadash8820]

@keeganwitt You should open a new Issue for that request. 👍