Amazon ECR – Elastic Container Registry

What Is ECR?

ECR (Elastic Container Registry) is AWS's managed Docker image registry — like Docker Hub but hosted on AWS, fully integrated with ECS and IAM.

Images are stored in Amazon S3 behind the scenes.

Private vs Public

	Private	Public
Access	Your AWS account only	Anyone can pull
Use case	Your own apps	Open source / shared images
Gallery	—	https://gallery.ecr.aws

How It Works with ECS

Build Docker image locally
    |
docker push --> image stored in ECR
    |
ECS Task Definition references the ECR image URI
    |
ECS pulls image using IAM Role --> runs as container

If ECS cannot pull the image — always check IAM permissions first. A pull failure almost always means a missing policy on the ECS role.

Pushing an Image to ECR (4 Commands)

After creating a repo in ECR Console, click "View push commands" — AWS gives you the exact commands. No need to memorize.

# 1. Authenticate Docker to ECR
aws ecr-public get-login-password --region us-east-1 | \\
  docker login --username AWS --password-stdin public.ecr.aws/xxxxxx

# 2. Build your image
docker build -t node-app-demo .

# 3. Tag it
docker tag node-app-demo:latest public.ecr.aws/xxxxxx/node-app-demo:latest

# 4. Push it
docker push public.ecr.aws/xxxxxx/node-app-demo:latest

Key Features

Vulnerability scanning — scans images for security issues
Image versioning and tags — e.g. v1.0, latest, prod
Lifecycle policies — auto-delete old images to save storage cost
IAM-based access control — all permissions managed via IAM policies

What Is ECR?

Private vs Public

How It Works with ECS

Pushing an Image to ECR (4 Commands)

Key Features

Exam Tips