Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. You can use Amazon ECR and Amazon Elastic Container Service (ECS) together to securely and easily collaborate and deploy across your development, testing, and production environments.

Amazon Elastic Container Service integration

Amazon ECR is integrated with Amazon ECS allowing you to easily store, run, and manage container images for applications running on Amazon ECS. All you need to do is specify the Amazon ECR repository in your Task Definition and Amazon ECS will retrieve the appropriate images for your applications.

Docker support

Amazon ECR supports Docker Registry HTTP API V2 allowing you to use Docker CLI commands (e.g., push, pull, list, tag) or your preferred Docker tools to interact with Amazon ECR, maintaining your existing development workflow. You can easily access Amazon ECR from any Docker environment, whether in the cloud, on-premises, or on your local machine.

Task Definitions

Amazon ECS allows you to define tasks through a declarative JSON template called a Task Definition. Within a Task Definition you can specify one or more containers required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also allow you to version control your application specification.

High availability and durability

Amazon ECR stores your container images in Amazon S3. Your data is redundantly stored across multiple facilities and multiple devices in each facility.

Team collaboration

Amazon ECR supports the ability to define and organize repositories in your registry using namespaces. This allows you to organize your repositories based on your team’s existing workflows. You can set which API actions another user may perform on your repository (e.g., create, list, describe, delete, and get) through resource-level policies, allowing you to easily share your repositories with different users and Amazon Web Services accounts.

Access control

Amazon ECR uses Amazon Identity and Access Management to control and monitor who and what (e.g., EC2 instances) can access your container images. Through IAM you can define policies to allow users within the same Amazon Web Services account or other accounts to access your container images. You can also further refine these policies by specifying different permissions for different users and roles, e.g push, pull, or full admin access.

Encryption

You can transfer your container images to and from Amazon Elastic Container Registry via HTTPS. Your images are also automatically encrypted at rest.

Image Replication

With Amazon ECR image replication feature, you can replicate images across regions and accounts within Amazon Web Services China regions. Amazon ECR Replication provides a simple and reliable way to replicate images, and eliminates the operational burden of manually pushing images to multiple regions and accounts. Replication can be configured at the ECR private registry level. This means, once replication is configured, all content pushed to private ECR repositories is automatically copied to multiple other repositories in different accounts and/or regions.

Intended Usage and Restrictions

Your use of this service is subject to the Amazon Web Services Customer Agreement.