Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. You can use Amazon ECR and Amazon Elastic Container Service (ECS) together to securely and easily collaborate and deploy across your development, testing, and production environments.
Amazon Elastic Container Service integration
Amazon ECR is integrated with Amazon ECS allowing you to easily store, run, and manage container images for applications running on Amazon ECS. All you need to do is specify the Amazon ECR repository in your Task Definition and Amazon ECS will retrieve the appropriate images for your applications.
Amazon ECR supports Docker Registry HTTP API V2 allowing you to use Docker CLI commands (e.g., push, pull, list, tag) or your preferred Docker tools to interact with Amazon ECR, maintaining your existing development workflow. You can easily access Amazon ECR from any Docker environment, whether in the cloud, on-premises, or on your local machine.
Amazon ECS allows you to define tasks through a declarative JSON template called a Task Definition. Within a Task Definition you can specify one or more containers required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also allow you to version control your application specification.
High availability and durability
Amazon ECR stores your container images in Amazon S3. Your data is redundantly stored across multiple facilities and multiple devices in each facility.
Amazon ECR supports the ability to define and organize repositories in your registry using namespaces. This allows you to organize your repositories based on your team’s existing workflows. You can set which API actions another user may perform on your repository (e.g., create, list, describe, delete, and get) through resource-level policies, allowing you to easily share your repositories with different users and Amazon Web Services accounts.
Amazon ECR uses Amazon Identity and Access Management to control and monitor who and what (e.g., EC2 instances) can access your container images. Through IAM you can define policies to allow users within the same Amazon Web Services account or other accounts to access your container images. You can also further refine these policies by specifying different permissions for different users and roles, e.g push, pull, or full admin access.
You can transfer your container images to and from Amazon Elastic Container Registry via HTTPS. Your images are also automatically encrypted at rest.