Amazon ECR
By Amazon Web Services
Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker and OCI container image registry on AWS, integrated with IAM permissions and AWS container services such as ECS and EKS.
Definition
Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker and OCI container image registry on AWS, integrated with IAM permissions and AWS container services such as ECS and EKS.
Overview
Amazon ECR provides managed, private (and optionally public, via ECR Public) storage for Docker and OCI images, removing the need to operate a self-managed registry. Access is controlled through AWS Identity and Access Management (IAM), so the same permission model used across an AWS account governs who and what can push or pull images, including services like Amazon ECS, Amazon EKS (Kubernetes), and AWS Lambda container images. ECR integrates with the broader AWS deployment toolchain, including AWS CodePipeline for CI/CD and image scanning features that check pushed images for known vulnerabilities. It is commonly compared with other cloud-native registries such as Google Cloud's Artifact Registry, and with cross-platform options like Docker Hub and GitHub Container Registry, with AWS-based workloads typically favoring ECR for its tight IAM and networking integration.
Key Features
- Fully managed private and public container image registry on AWS
- IAM-based access control for pushing and pulling images
- Native integration with Amazon ECS, EKS, and Lambda container images
- Built-in vulnerability scanning for stored images
- Image replication across AWS regions
- Lifecycle policies for automatically expiring old image versions