Introduction
This article discusses using Elastic Container Registry (ECR) as an image repository. AWS Elastic Container Registry is a fully managed container image registry service that Amazon Web Services (AWS) provides. It is used to store, manage, and deploy container images (Docker images) securely, making it an essential component of your containerized application development workflow.
Why Use AWS ECR?
Before diving into the setup, let’s understand why AWS ECR is a preferred choice over other container registries like Docker Hub, Google Container Registry (GCR), and Azure Container Registry (ACR).
Key Benefits of AWS ECR
✔️ Fully Managed – No need to set up and maintain your own container registry. AWS handles scaling, security, and maintenance.
✔️ High Security – Supports IAM-based access controls and AWS KMS encryption for protecting images.
✔️ Deep Integration – Works seamlessly with AWS services like ECS, EKS, Lambda, and CodePipeline.
✔️ Automated Image Scanning – Identifies vulnerabilities in container images.
✔️ Lifecycle Policies – Automatically deletes old or unused images to save storage costs.
Prerequisite
Pushing a Docker Image to ECR
After creating the repository, follow these steps to push your Docker image to AWS ECR.
1. Authenticate Docker with AWS ECR
Run the following command to authenticate Docker with AWS ECR:
bash
aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com
Replace <your-region> (e.g., us-east-1) and <aws-account-id> with your actual AWS credentials.
Note: If authentication fails, ensure your IAM user has the AmazonEC2ContainerRegistryFullAccess policy attached.
2. Build the Docker Image
Navigate to your application’s directory and build a Docker image:
bash
docker build -t my-app .
This command will create a Docker image with the tag my-app.
3. Tag the Image for AWS ECR
Tag the Docker image to match your AWS ECR repository URL:
bash
docker tag my-app:latest <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/my-app-repo:latest
4. Push the Image to ECR
Finally, push the tagged image to the ECR repository:
bash
docker push <aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/my-app-repo:latest
Once completed, your image will be available in AWS ECR for deployment.
Setup
- Log in to your AWS dashboard, search for ECR, and click on it
- Create a repository -- note that the default repository for ECR is private.
- Provide a name for the repository, and click Create.
Once the repository is created, click on the "view push command"
Follow the commands to push your image to the created repository.
- Authenticate the docker client
Troubleshooting Common Issues
❌ Error: no basic auth credentials
Solution: Run aws ecr get-login-password and ensure your IAM user has AmazonEC2ContainerRegistryFullAccess.
❌ Error: AccessDeniedException
Solution: Verify that your IAM role has the correct ECR permissions (ecr:PutImage, ecr:GetAuthorizationToken).
❌ Docker Push Fails with 403 Error
Solution: Ensure your AWS region and repository URL are correct.
Conclusion
AWS Elastic Container Registry (ECR) provides a secure, scalable, and fully managed solution for storing and managing container images. By following this guide, you can:
✅ Set up an ECR repository
✅ Push and manage Docker images
✅ Integrate ECR with ECS, EKS, and AWS Lambda
✅ Automate deployments using AWS CodePipeline
With AWS ECR, managing containerized applications becomes seamless and efficient.