Move from Docker Hub images to ECR public images.

[epf]

trafficstars

In November 2020, Docker Hub started enforcing request limits for fetching images. Because build infrastructure inside AWS CodeBuild is shared, any build job that pulls from Docker Hub is almost guaranteed to fail.

There are four solutions to this problem:

1. Modify the CodeBuild jobs to build inside our VPC (and use our NAT Gateway). This would require specifying the VpcId as well as Subnets and Security Groups as parameters to the CFN template we used to create the build jobs. Since we re-use the CFN template five times, this is a huge pain.
2. Incorporate a Docker Hub login into the build process, as outlined here. This will require everyone to have a Docker Hub account and the proper way to do this involves using AWS Secrets Manager. I decided this was also too much pain.
3. Pull our own copies of the images on Docker Hub and upload them to our private ECR for use. While fairly simple, this feels inelegant.
4. Stop using Docker Hub altogether and only use images that are publicly available on ECR.

I went with option 4. In hindsight, 2 or 3 was probably the right decision, but at least this unblocked me from continuing with the course.