Elastic Container Registry (ECR)
It’s a managed container image registry service.
Within ECR you get:
- 1 Public Registry: repositories in this registry require no authentication for reads, but they still require permissions to write. Features:
  - Custom logo
  - Content Type specification:
    - Operating System: Linux or Windows
    - Architecture: ARM, ARM64, x86, x86_64
- 1 Private Registry: repositories in this registry require permission for any operations. Features:
  - Immutable Tags
  - KMS Encryption
Public registry repositories: public.ecr.aws/<registry_alias>/<repository_name>.
Private registry repositories: <account_id>.dkr.ecr.<aws_region>.amazonaws.com/<repository_name>.
Permissions are fully controlled via IAM.
Monitoring
ECR delivers near-real-time metrics to CloudWatch, covering things like authentication and push or pull operations against container images.
ECR also logs all API actions into CloudTrail.
It also generates events, which are delivered to EventBridge.
Public Registry and Public Repository workflow
$ aws_repo_name="test/alpine"
# Original command: aws --region us-east-1 ecr-public create-repository --repository-name test --catalog-data 'description=A test repo,architectures=arm64,x86_64,operatingSystems=linux,windows'
$ aws_repo_uri=$(aws --region us-east-1 ecr-public create-repository --repository-name "$aws_repo_name" --catalog-data 'description=A test repo,architectures=arm64,x86_64,operatingSystems=linux,windows' --output text --query 'repository.repositoryUri')
$ aws --region us-east-1 ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws
$ docker pull docker.io/alpine:3.20.1
$ docker tag docker.io/alpine:3.20.1 "${aws_repo_uri}:3.20.1"
$ docker push "${aws_repo_uri}:3.20.1"
Private Registry workflow
$ aws_repo_name="test/alpine"
$ aws_repo_uri=$(aws --region us-east-1 ecr create-repository --repository-name "$aws_repo_name" --image-tag-mutability IMMUTABLE --encryption-configuration "encryptionType=AES256" --output text --query 'repository.repositoryUri')
# The account ID is needed to build the private registry hostname
$ aws_account_id=$(aws sts get-caller-identity --query Account --output text)
$ aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "${aws_account_id}.dkr.ecr.us-east-1.amazonaws.com"
$ docker pull docker.io/alpine:3.20.1
$ docker tag docker.io/alpine:3.20.1 "${aws_repo_uri}:3.20.1"
$ docker push "${aws_repo_uri}:3.20.1"
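The private workflow above creates its repository with immutable tags and an explicit encryption type. The following is an added example, not part of the original notes, that checks existing repositories for those two settings; the function names `audit_ecr_repos` and `sample_repos` are hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Audit private ECR repositories for the two settings used in the workflow
# above: tag immutability and encryption type.
#
# Input (stdin): one repository per line, tab-separated:
#   <repositoryName> <imageTagMutability> <encryptionType>
# which is what this AWS CLI call prints:
#   aws --region us-east-1 ecr describe-repositories --output text \
#     --query 'repositories[].[repositoryName,imageTagMutability,encryptionConfiguration.encryptionType]'
#
# $1 (optional): required encryption type, AES256 or KMS. Empty = not checked.
# Prints one FINDING line per problem; exit status 0 = clean, 1 = findings.
audit_ecr_repos() {
    want_enc="${1:-}"
    findings=0
    tab=$(printf '\t')
    while IFS="$tab" read -r name mutability enc; do
        [ -n "$name" ] || continue   # skip blank lines
        if [ "$mutability" != "IMMUTABLE" ]; then
            # A mutable tag can be re-pointed at a different image later.
            echo "FINDING $name: tags are ${mutability:-unknown}, expected IMMUTABLE"
            findings=$((findings + 1))
        fi
        if [ -n "$want_enc" ] && [ "$enc" != "$want_enc" ]; then
            echo "FINDING $name: encryption is ${enc:-unknown}, expected $want_enc"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input (not real account data).
sample_repos() {
    printf 'test/alpine\tIMMUTABLE\tAES256\n'
    printf 'legacy/app\tMUTABLE\tAES256\n'
    printf 'payments/api\tIMMUTABLE\tKMS\n'
}

# Demo run: require KMS everywhere; a non-zero status means findings exist.
sample_repos | audit_ecr_repos KMS || echo "audit reported findings"
```

To run it against a real account, pipe the `describe-repositories` command from the header comment into `audit_ecr_repos` instead of `sample_repos`.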