How to install Docker on AWS EC2 instance with AMI (CE/EE Update)

To get Docker running on the AWS AMI you should follow the steps below (these are all assuming you have ssh'd on to the EC2 instance).

  1. Update the packages on your instance

    [ec2-user ~]$ sudo yum update -y

  2. Install Docker

    [ec2-user ~]$ sudo yum install docker -y

  3. Start the Docker Service

    [ec2-user ~]$ sudo service docker start

  4. Add the ec2-user to the docker group so you can execute Docker commands without using sudo.

    [ec2-user ~]$ sudo usermod -a -G docker ec2-user

You should then be able to run all of the docker commands without requiring sudo. After running the 4th command I did need to logout and log back in for the change to take effect.


The hardest part to figure all of this out was the container-selinux requirement. Just find the latest version in http://mirror.centos.org/centos/7/extras/x86_64/Packages/ and install that first. In addition EC2 instances may not have a proper entropy generator so haveged may need to be installed.

The rest is taken from https://docs.docker.com/install/linux/docker-ce/centos/ with the addition of haveged and firewalld. All these have to be done as root so sudo appropriately.

yum install -q -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.42-1.gitad8f0f7.el7.noarch.rpm
yum install -q -y http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/h/haveged-1.9.1-1.el7.x86_64.rpm
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -q -y firewalld docker-ce
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --add-port=2377/tcp --permanent
firewall-cmd --add-port=2376/tcp --permanent
firewall-cmd --add-port=7946/tcp --permanent
firewall-cmd --add-port=7946/udp --permanent
firewall-cmd --add-port=4789/udp --permanent
firewall-cmd --zone=public --permanent --add-masquerade
firewall-cmd --reload
systemctl enable haveged
systemctl start haveged
systemctl enable docker
systemctl start docker
setenforce 1

Enable SELinux by modifying /etc/sysconfig/selinux to be

SELINUX=enforcing
SELINUXTYPE=targeted

Then reboot your instance by issuing shutdown -r now

Executing sudo docker version should yield as of the time of this posting...

Client:
 Version:       18.03.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    0520e24
 Built: Wed Mar 21 23:09:15 2018
 OS/Arch:       linux/amd64
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.03.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   0520e24
  Built:        Wed Mar 21 23:13:03 2018
  OS/Arch:      linux/amd64
  Experimental: false

Per https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html

The current Amazon ECS-optimized AMI (amzn-ami-2017.09.j-amazon-ecs-optimized) consists of:

  • The latest minimal version of the Amazon Linux AMI
  • The latest version of the Amazon ECS container agent (1.17.2)
  • The recommended version of Docker for the latest Amazon ECS container agent (17.12.0-ce)
  • The latest version of the ecs-init package to run and monitor the Amazon ECS agent (1.17.2-1)

You can see the history at https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-ami-versions.html