Using Elastic Container Registry (ECR) as an image repository.

Question

Introduction

This article discusses using Elastic Container Registry (ECR) as an image repository. AWS Elastic Container Registry is a fully managed container image registry service that Amazon Web Services (AWS) provides. It is used to store, manage, and deploy container images (Docker images) securely, making it an essential component of your containerized application development workflow.

Why Use AWS ECR?

Before diving into the setup, let’s understand why AWS ECR is a preferred choice over other container registries like Docker Hub, Google Container Registry (GCR), and Azure Container Registry (ACR).

Key Benefits of AWS ECR

✔️ Fully Managed – No need to set up and maintain your own container registry. AWS handles scaling, security, and maintenance.

✔️ High Security – Supports IAM-based access controls and AWS KMS encryption for protecting images.

✔️ Deep Integration – Works seamlessly with AWS services like ECS, EKS, Lambda, and CodePipeline.

✔️ Automated Image Scanning – Identifies vulnerabilities in container images.

✔️ Lifecycle Policies – Automatically deletes old or unused images to save storage costs.

Prerequisite

• Create an AWS account
• Install docker on your local computer
• Install AWS CLI
• Create an IAM user with an Access Key and Secret Access Key

Pushing a Docker Image to ECR

After creating the repository, follow these steps to push your Docker image to AWS ECR.

1. Authenticate Docker with AWS ECR

Run the following command to authenticate Docker with AWS ECR:

bash

aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com

Replace <your-region> (e.g., us-east-1) and <aws-account-id> with your actual AWS credentials.

Note: If authentication fails, ensure your IAM user has the AmazonEC2ContainerRegistryFullAccess policy attached.

2. Build the Docker Image

Navigate to your application’s directory and build a Docker image:

bash

docker build -t my-app .

This command will create a Docker image with the tag my-app.

3. Tag the Image for AWS ECR

Tag the Docker image to match your AWS ECR repository URL:

bash

docker tag my-app:latest <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/my-app-repo:latest

4. Push the Image to ECR

Finally, push the tagged image to the ECR repository:

bash

docker push <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/my-app-repo:latest

Once completed, your image will be available in AWS ECR for deployment.

Setup

1. Log in to your AWS dashboard, search for ECR, and click on it
2. Create a repository -- note that the default repository for ECR is private.
3. Provide a name for the repository, and click Create.
   

1. Once the repository is created, click on the "view push command"
   

2. Follow the commands to push your image to the created repository.

• Authenticate the docker client

• Build the image

• Tag the image

• Push the image

Troubleshooting Common Issues

❌ Error: no basic auth credentials
Solution: Run aws ecr get-login-password and ensure your IAM user has AmazonEC2ContainerRegistryFullAccess.

❌ Error: AccessDeniedException
Solution: Verify that your IAM role has the correct ECR permissions (ecr:PutImage, ecr:GetAuthorizationToken).

❌ Docker Push Fails with 403 Error
Solution: Ensure your AWS region and repository URL are correct.

Conclusion

AWS Elastic Container Registry (ECR) provides a secure, scalable, and fully managed solution for storing and managing container images. By following this guide, you can:

✅ Set up an ECR repository

✅ Push and manage Docker images

✅ Integrate ECR with ECS, EKS, and AWS Lambda

✅ Automate deployments using AWS CodePipeline

With AWS ECR, managing containerized applications becomes seamless and efficient.