Mastering Amazon Elastic Container Registry (ECR): A Hands-On Guide

Amazon Elastic Container Registry (ECR) is a pivotal AWS service designed to securely manage Docker container images. ECR enables you to store, manage, and deploy Docker container images in a highly scalable environment. This post will guide you through ECR’s key features and provide a step-by-step tutorial on using it with the AWS CLI.

Key Features of Amazon ECR

  • Private and Public Repositories: ECR allows for both private and public image management. You can control who can pull your images via private repositories or share your images with the world through the Amazon ECR Public Gallery.
  • Security and Compliance: ECR provides robust security features that are essential for enterprise usage. Access is controlled through AWS Identity and Access Management (IAM), and the service offers automatic scanning of images for vulnerabilities and tag immutability to prevent an existing tag from being overwritten.
  • High Availability and Integration: ECR is fully integrated with Amazon ECS and Amazon Elastic Kubernetes Service (EKS), and it uses Amazon S3 for underlying storage, ensuring data durability and high availability.
  • Simplified Workflow: Supports Docker CLI commands for push and pull operations, making it seamless to integrate into your existing Docker workflows, especially if you’re transitioning from Docker Hub.

Hands-On with Amazon ECR Using AWS CLI

Step 1: Configuring the AWS CLI

Ensure your AWS CLI is set up and configured. If not, refer to this CLI configuration article.

Step 2: Ensuring Docker Is Installed

docker --version

Step 3: Logging into ECR

Log in to ECR to authenticate your Docker client to your registry:

# don't forget to update the region and aws_account_id
aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

You should see a “Login Succeeded” message.

Step 4: Creating a Private Repository

Navigate to Amazon ECR and create a private repository. I’ll name mine hello. Optionally, you can enable the following settings:

  • Tag Immutability: Prevent the same tag from being overwritten.
  • Scan on Push: Enable automatic scanning of images upon pushing.
  • KMS Encryption: Opt for encryption of images stored within the repository.

Step 5: Pulling and Tagging an Image

Instead of building an image from scratch, let’s pull an existing image from Docker Hub, tag it, and prepare it for pushing to your ECR repository:

docker pull nginxdemos/hello
# don't forget to update the region and aws_account_id
docker tag nginxdemos/hello:latest aws_account_id.dkr.ecr.region.amazonaws.com/hello:latest

Step 6: Pushing the Image to ECR

Push the tagged image to your newly created ECR repository:

# don't forget to update the region and aws_account_id
docker push aws_account_id.dkr.ecr.region.amazonaws.com/hello:latest

Step 7: Verifying the Image in ECR

Refresh your ECR repository page to see the pushed image with the ‘latest’ tag now listed.
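
The optional settings from Step 4 can also be applied and checked from the AWS CLI instead of the console. The script below is an added example, not part of the original post; the function names are hypothetical, and region is the same placeholder used in the steps above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Create a private repository with the three Step 4 settings enabled.
ecr_create_repo() {
  local name="$1" region="$2"
  aws ecr create-repository \
    --repository-name "$name" \
    --region "$region" \
    --image-tag-mutability IMMUTABLE \
    --image-scanning-configuration scanOnPush=true \
    --encryption-configuration encryptionType=KMS
}

# Print one finding per setting that is weaker than Step 4 describes.
# Returns 0 if all three are on, 1 if any is off, 2 if the lookup fails.
ecr_audit_repo() {
  local name="$1" region="$2" out mut scan enc rc=0
  out=$(aws ecr describe-repositories \
    --repository-names "$name" --region "$region" --output text \
    --query 'repositories[0].[imageTagMutability,imageScanningConfiguration.scanOnPush,encryptionConfiguration.encryptionType]') \
    || { echo "lookup failed for $name" >&2; return 2; }
  # Text output is one tab-separated line, e.g. "IMMUTABLE  True  KMS".
  read -r mut scan enc <<EOF
$out
EOF
  if [ "$mut" != "IMMUTABLE" ]; then
    echo "$name: tags are mutable, an existing tag can be overwritten"; rc=1
  fi
  # The CLI prints booleans as True/False in text output; compare case-insensitively.
  if [ "$(printf '%s' "$scan" | tr '[:upper:]' '[:lower:]')" != "true" ]; then
    echo "$name: scan on push is off"; rc=1
  fi
  if [ "$enc" != "KMS" ]; then
    echo "$name: encryption type is ${enc:-unknown}, not KMS"; rc=1
  fi
  return "$rc"
}

# Usage, with the same placeholder as the steps above:
#   ecr_create_repo hello region
#   ecr_audit_repo hello region
```

With tag immutability enabled, a second push of hello:latest is rejected, so push a unique tag for each build.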

Next Steps

Explore setting up your own task definition and launch an ECS service in an ECS cluster using either EC2 or Fargate launch types.

Conclusion

Amazon ECR simplifies Docker image management on AWS, providing a secure, scalable environment for your container applications. Whether for private use or public sharing, ECR integrates smoothly with your DevOps pipelines, enhancing your deployment workflows.

Happy deploying!
