ECR: Storing and Pulling Container Images
Push Docker images to Amazon ECR, apply lifecycle policies to trim old images, and pull images securely into ECS tasks.
What Is Amazon ECR?
Amazon Elastic Container Registry (ECR) is a fully managed Docker-compatible container image registry. It stores, manages, and deploys container images securely within AWS. ECR eliminates the need to operate your own registry infrastructure and integrates natively with ECS, EKS, Lambda (container images), and CodeBuild. Images stored in ECR are replicated for high availability and can be scanned for security vulnerabilities automatically.
Private vs Public ECR Repositories
ECR supports two repository types:
- Private repositories in Amazon ECR require AWS authentication to pull images, which makes them ideal for proprietary application images. Access is controlled by IAM policies and repository resource policies.
- Public repositories on ECR Public Gallery (public.ecr.aws) allow unauthenticated pulls from anywhere on the internet, which makes them ideal for open-source base images, public tools, and AWS-provided images (Lambda base images, ECS-optimised AMI images). Public repositories have a free pull allowance with rate limits for unauthenticated requests.
# Create a private ECR repository
aws ecr create-repository \
--repository-name 'myapp/backend' \
--image-scanning-configuration scanOnPush=true \
--image-tag-mutability IMMUTABLE
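The command above turns on scan-on-push and immutable tags, and private repositories rely on resource policies for access control. The following added example (not part of the original lesson) audits those three settings across a registry. The sample JSON is constructed in the shape of `aws ecr describe-repositories` and `aws ecr get-repository-policy` output, and the function names `audit` and `is_wildcard` are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ecr describe-repositories` output.
SAMPLE_REPOS = json.loads("""
{"repositories": [
  {"repositoryName": "myapp/backend", "imageTagMutability": "IMMUTABLE",
   "imageScanningConfiguration": {"scanOnPush": true}},
  {"repositoryName": "myapp/legacy", "imageTagMutability": "MUTABLE",
   "imageScanningConfiguration": {"scanOnPush": false}}
]}
""")

# Constructed repository policy, keyed by repository name; the value mimics
# the policyText string returned by `aws ecr get-repository-policy`.
SAMPLE_POLICIES = {
    "myapp/legacy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*",
         "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]}]}),
}

def is_wildcard(principal):
    """True when a policy Principal matches any AWS principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit(repos, policies):
    """Return (repository, finding) pairs for weak repository settings."""
    findings = []
    for repo in repos["repositories"]:
        name = repo["repositoryName"]
        if repo.get("imageTagMutability") != "IMMUTABLE":
            findings.append((name, "tags are mutable"))
        if not repo.get("imageScanningConfiguration", {}).get("scanOnPush"):
            findings.append((name, "scan on push disabled"))
        policy = json.loads(policies.get(name, '{"Statement": []}'))
        statements = policy.get("Statement", [])
        for stmt in [statements] if isinstance(statements, dict) else statements:
            # Assumption: an Allow with a Condition is left for manual review.
            if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                    and is_wildcard(stmt.get("Principal"))):
                findings.append((name, "policy allows any principal"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_REPOS, SAMPLE_POLICIES):
        print(f"{name}: {issue}")
```
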