Getting Started with AWS ECR

Welcome to AWS ECR

When you build a Docker image, it lives on your local machine. To deploy it to EC2, ECS, or anywhere else, you need a registry — a place to push the image from your machine and pull it from your server.

Docker Hub is the public default. Amazon ECR (Elastic Container Registry) is the AWS-native alternative: private by default, integrated with IAM permissions, and physically close to your ECS clusters and EC2 instances for fast pulls.

ECR is the missing piece between building a Docker image and running it on AWS.

What You'll Learn

Registries and repositories — one registry per AWS account, one repo per image name
Authenticating Docker to ECR — using aws ecr get-login-password
Pushing an image — tagging and pushing to an ECR repository
Pulling an image — on EC2 or in ECS task definitions
IAM permissions — which policies EC2 and ECS need to pull from ECR
Lifecycle policies — automatically deleting old image tags to control storage costs
Image scanning — ECR's built-in vulnerability scanning on push
The full workflow — build → tag → push to ECR → deploy via ECS

Prerequisites

Docker installed locally
AWS CLI configured with credentials (aws configure)
Basic understanding of Docker images and tags

Welcome to AWS ECR​

What You'll Learn​

Prerequisites​

Welcome to AWS ECR

What You'll Learn

Prerequisites