Amazon ECR (Elastic Container Registry) | Overview.

 

Amazon ECR (Elastic Container Registry) is a fully managed container image registry provided by AWS.

twteh uses the registry to store, manage, deploy Docker container images securely and at scale.

Amazon ECR offers two types of registries:

 1. Amazon ECR Private

A private container image registry for use within your AWS account.

 Features:

Feature	Description
Access controlled.	IAM-based authentication & resource policies
Secure.	Images encrypted at rest & in transit
Integrated.	Works seamlessly with ECS, EKS, CodeBuild, etc.
Lifecycle policies.	Auto-delete old/untagged images
Image scanning.	Detects CVEs using Amazon Inspector

 Use Cases:

• Internal application containers
• Private microservices
• Sensitive workloads
• Multi-environment deployments (dev/staging/prod)

 2. Amazon ECR Public

A public image registry where anyone can pull your container images over the internet (no AWS account required to pull).

 Features:

Feature	Description
Publicly accessible.	Like Docker Hub — no auth required to pull
Content delivery network (CDN).	Fast global distribution
Verified publishers.	AWS-verified logos for trusted images
Rate limiting.	Higher for authenticated users
Free image hosting.	No charge for image storage or data transfer (limits apply)

 Use Cases:

• Open-source software images
• Tools you want to share publicly
• Replacing or mirroring Docker Hub content

 Comparison Table

Feature	ECR Private	ECR Public
Access.	Private (IAM-controlled).	Public (internet-accessible)
Billing.	Pay per GB stored / transferred.	Free (limits apply)
Integration.	ECS, EKS, CodeBuild, etc.	ECS, EKS, Docker CLI
Image Visibility.	Hidden unless permissions granted.	Visible to all
Use Case.	Internal apps, enterprise use.	Public projects, OSS

 URLs Format

Registry Type.	URL Format
Private.	aws_account_id.dkr.ecr.region.amazonaws.com/twtechwebapp-repo
Public.	public.ecr.aws/namespace/twtechwebapp-repo

 Why twtecn Uses ECR

Feature	Benefit
Fully managed	No need to manage your own registry infrastructure
Secure	Integrated with IAM, encryption at rest/in-transit
Integrated with ECS, EKS, Fargate	Simplified deployments
Highly available	Backed by AWS's infrastructure
Supports OCI images	Works with Docker and Open Container Initiative formats

 How twtech Uses ECR for High-Level Workflow

1. Create a Repository
2. Authenticate Docker to ECR
3. Tag twech Docker Image
4. Push Image to ECR
5. Pull Image from ECR in ECS/EKS

Step-by-Step Example (CLI)

1. Create a Repository

# bash

aws ecr create-repository --repository-name twtechwebapp-repo

2. Authenticate Docker to ECR

# bash 

aws ecr get-login-password --region us-east-2 \

| docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com

3. Tag Your Image

# bash

docker tag twtechwebapp:latest <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest

4. Push to ECR

# bash

docker push <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest

5. Use in ECS/EKS

In ECS task definition:

# json

"image": "<aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest"

 Security & Access Control

• IAM permissions control who can push/pull.
• Resource policies can allow cross-account access.
• Image scanning (optional) checks for vulnerabilities.
• Private or Public repos (ECR Public for sharing images openly).

 Clean Up Old Images (Optional)

Use lifecycle policies to automatically delete untagged or old images.

# json

{

  "rules": [

    {

      "rulePriority": 1,

      "description": "Remove untagged images",

      "selection": {

        "tagStatus": "untagged",

        "countType": "imageCountMoreThan",

        "countNumber": 5

      },

      "action": {

        "type": "expire"

      }

    }

  ]

}

 Common ECR CLI Commands

Command	Purpose
aws ecr create-repository	Create a new repo
aws ecr describe-repositories	List repos
aws ecr list-images	See images in a repo
aws ecr batch-delete-image	Delete images
aws ecr get-login-password	Login to Docker