Amazon ECR (Elastic Container Registry) is a container image registry managed by AWS.
Overview
- ECR provides private container image repositories.
- You can integrate ECR with ECS or EKS to pull images.
- It can be secured with resource-based permissions via IAM.
- Supported Formats
- Docker Images
- OCI (Open Container Initiative) Images
- OCI artifacts
Components
- Repository
- Image storage
- Authorization Token
- required to push/pull images to/from the ECR repository
- Repository Polices
- access control to repositories and images
Features
- Image Scanning
- ECR scans images and identifies security vulnerabilities.
- You can set the repository setting to scan images on push.
- Caching
- You can cache images in the public repository into your private repository.
Pushing a Docker Image to a ECR Repository
- Authenticate your Docker client to the ECR registry
- Create a repository if it does not exist yet
- Identify the local image to push
- Tag your image with the ECR registry, repository, and optional image tag name
- Push the image using the docker push command
> aws ecr get-login-password --region {region} \
| docker login --username AWS --password-stdin {aws_account_id}.dkr.ecr.{region}.amazonaws.com
> docker images
> docker tag {image_id} {aws_account_id}.dkr.ecr.{region}.amazonaws.com/{repository_name}:tag
> docker push {aws_account_id}.dkr.ecr.{region}.amazonaws.com/{repository_name}:tag