Amazon ECR (Amazon Elastic Container Registry) is a container image registry service managed by Amazon Web Servers (AWS) that is scalable, secure, and reliable. Amazon Elastic Container Registry supports private container image repositories with resource-based permissions using AWS Identity Access Management (IAM). Amazon Elastic Container Registry (Amazon ECR) helps specified users or Amazon EC2 instances access their container repositories and images. Users can use their preferred command-line interface (CLI) to pull, push, and manage Docker images, Open Container Initiative (OCI) compatible artifacts, and Open Container Initiative (OCI) images. Amazon Elastic Container Registry (Amazon ECR) supports public container image repositories as well.
Get Started with Amazon ECR
Set up to Use Amazon ECR
Users need to complete the following tasks to get set up to push a container image to Amazon ECR for the first time. If these steps are already completed, skip them and move on to the next step.
Sign up for AWS
When a user signs up for Amazon Web Services, their account is automatically signed up for all the services in AWS, including Amazon Elastic Container Registry, and they are charged only for the services they use.
With Amazon ECR, users only need to pay for what they use. If you already have an AWS account, skip to the next task. If not, follow the below steps to create an AWS account.
- Open a web browser and go to the AWS Sign up page https://portal.aws.amazon.com/billing/signup
- Follow the detailed online instruction.
- Note that part of the sign-up procedure involves getting a phone call and entering the verification code on the phone keypad.
Create an IAM User
To create an administrator user and add that user to an administrators group (console), follow the below steps:
1. Sign in to the IAM console as the account owner by choosing Root user and enter the AWS account email address. On the next page, enter your password.
2. In the navigation panel, choose Users and then select Add user.
3. For the User name, enter Administrator (recommended).
4. After that, select the check box next to AWS Management Console access and select Custom password.
5. Then, enter the new password in the text box.
6. By default, AWS requires the new user to create a new password when signing in for the first time. If required, users can clear the check box next to User must create a new password at the next sign-in to allow the new user to reset their password after signing in.
7. Click the Next: Permissions button.
8. Under the Set permissions section, select Add user to the group.
9. Next, click Create group, and in the Create group dialog box, enter Administrators as the group name.
10. Select Filter policies, and then choose AWS managed – job function to filter the table contents.
11. In the policy list section, select the check box for AdministratorAccess and choose Create group.
12. Select the check box for the new group in the list of groups. Select Refresh if necessary to see the group in the list.
13. Next, click the Next: Tags button.
14. If required, add metadata to the user by attaching tags as key-value pairs.
15. Click Next: Review to see the list of group memberships to be added to the new user. When the user is ready to proceed, click Create user.
Create an Image Repository
A repository is where a user stores their Docker or Open Container Initiative (OCI) images in Amazon Elastic Container Registry. Each time they push or pull an image from Amazon ECR, they need to specify the repository and the registry location details, which informs where to push the image from or where to pull it to. To create an image repository, follow the below steps:
1. Open the Amazon ECR console at https://console.aws.amazon.com/ecr/.
2. Click the Get Started button.
3. Select the tag mutability setting for the repository in the Tag immutability section. Repositories that are configured with immutable tags will prevent image tags from being overwritten.
4. For Scan on push, select the image scanning setting for the repository. The repositories configured to scan on push will start an image scan whenever a new image is pushed; otherwise, image scans need to be started manually.
5. Finally, click the Create repository button.
Build, Tag, and Push a Docker Image
In this wizard section, users use the Docker CLI to tag an existing local image (that they have built from a Dockerfile or pulled from another registry, such as Docker Hub) and then push the tagged image to their Amazon ECR registry.
1. Choose the repository that the user has created and select the View push commands to view the steps to push an image to the new repository.
2. After that, run the login command that authenticates your Docker client to the registry by copy-pasting the command from the console into a terminal window. This login command will provide an authorization token that is valid for 12 hours.
3. (Optional) If the user has a Dockerfile to push, build the image and tag it to the new repository. Pasting the docker build command from the console into a terminal window. Make sure that you are in the same directory as the Dockerfile.
4. Tag the image with the Amazon ECR registry URI and the new repository by pasting the docker tag command from the console into a terminal window. The console command assumes that the image was built from a Dockerfile in the previous step. If the user did not build the image from a Dockerfile, replace the first instance of repository:latest with image name or the image ID of the local image to push.
5. After that, push the newly tagged image to the ECR repository by pasting the docker push command into a terminal window.
6. Finally, click Close.
This tutorial presents the steps to set up an Amazon Elastic Container Registry (Amazon ECR) in AWS. To learn more about the steps to set up Amazon ECR using AWS command-line, check “ Using Amazon ECR with the AWS CLI“. Hope this tutorial was helpful, and do reach out to us if you have any query or suggestions.