Tuesday, July 29, 2025

Amazon Elastic Container Registry (ECR) | Overview.


Amazon Elastic Container Registry (ECR) -  Overview.

Scope:

  • Intro,
  • Amazon ECR Private (concept),
  • Amazon ECR Public (concept),
  • Features,
  • Use Cases,
  • Comparison Table ECR Private & ECR Public,
  • URLs Format for ECR Private & ECR Public,
  • ECR Use cases for High-Level Workflow,
  • Getting Started: Step-by-Step Sample (CLI),
  • Security & Access Control,
  • How to Clean Up Old Images (Optional) with lifecycle Policies,
  • Common ECR CLI Commands & Purpose.

Intro:

  • Amazon ECR (Elastic Container Registry) is a fully managed container image registry provided by AWS.
  • twteh uses the registry to store, managedeploy Docker container images securely and at scale.

NB:

Amazon ECR offers two types of registries:

 1. Amazon ECR Private

A private container image registry for use within twtech AWS account.

 Features:

Feature

Description

Access controlled.

IAM-based authentication & resource policies

Secure.

Images encrypted at rest & in transit

Integrated.

Works seamlessly with ECS, EKS, CodeBuild, etc.

Lifecycle policies.

Auto-delete old/untagged images

Image scanning.

Detects CVEs using Amazon Inspector

 Use Cases:

  • Internal application containers
  • Private microservices
  • Sensitive workloads
  • Multi-environment deployments (dev/staging/prod)

 2. Amazon ECR Public

  • A public image registry where anyone can pull twtech container images over the internet (no AWS account required to pull).

 Features:

Feature

Description

Publicly accessible.

Like Docker Hub — no auth required to pull

Content delivery network (CDN).

Fast global distribution

Verified publishers.

AWS-verified logos for trusted images

Rate limiting.

Higher for authenticated users

Free image hosting.

No charge for image storage or data transfer (limits apply)

 Use Cases:

  • Open-source software images
  • Tools you want to share publicly
  • Replacing or mirroring Docker Hub content

 Comparison Table ECR Private & ECR Public

Feature

ECR Private

ECR Public

Access.

Private (IAM-controlled).

Public (internet-accessible)

Billing.

Pay per GB stored / transferred.

Free (limits apply)

Integration.

ECS, EKS, CodeBuild, etc.

ECS, EKS, Docker CLI

Image Visibility.

Hidden unless permissions granted.

Visible to all

Use Case.

Internal apps, enterprise use.

Public projects, OSS

 URLs Format

Registry Type.

URL Format

Private.

aws_account_id.dkr.ecr.region.amazonaws.com/twtechwebapp-repo

Public.

public.ecr.aws/namespace/twtechwebapp-repo

 Why twtech Uses ECR

Feature

Benefit

Fully managed

No need to manage your own registry infrastructure

Secure

Integrated with IAM, encryption at rest/in-transit

Integrated with ECS, EKS, Fargate

Simplified deployments

Highly available

Backed by AWS's infrastructure

Supports OCI images

Works with Docker and Open Container Initiative formats

 How twtech Uses ECR for High-Level Workflow

  1. Create a Repository
  2. Authenticate Docker to ECR
  3. Tag twech Docker Image
  4. Push Image to ECR
  5. Pull Image from ECR in ECS/EKS

Getting Started: Step-by-Step Sample (CLI)

1. Create a Repository

# bash

aws ecr create-repository --repository-name twtechwebapp-repo

2. Authenticate Docker to ECR

# bash 

aws ecr get-login-password --region us-east-2 \

| docker login --username AWS --password-stdin accountID.dkr.ecr.us-east-2.amazonaws.com

3. Tag twtech Image

# bash

docker tag twtechwebapp:latest <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest

4. Push Image to ECR

# bash

docker push accountID.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest

5. Use in ECS/EKS

In ECS task definition:

# json

"image": "accountID.dkr.ecr.us-east-2.amazonaws.com/twtech-web-app:latest"

 Security & Access Control

  • IAM permissions control who can push/pull.
  • Resource policies can allow cross-account access.
  • Image scanning (optional) checks for vulnerabilities.
  • Private or Public repos (ECR Public for sharing images openly).

 How to Clean Up Old Images (Optional) with lifecycle Policies.

Use lifecycle policies to automatically delete untagged or old images.

# json

{

  "rules": [

    {

      "rulePriority": 1,

      "description": "Remove untagged images",

      "selection": {

        "tagStatus": "untagged",

        "countType": "imageCountMoreThan",

        "countNumber": 5

      },

      "action": {

        "type": "expire"

      }

    }

  ]

}

 # Common ECR CLI Commands & Purpose

Command

Purpose

aws ecr create-repository

Create a new repo

aws ecr describe-repositories

List repos

aws ecr list-images

See images in a repo

aws ecr batch-delete-image

Delete images

aws ecr get-login-password

Login to Docker

 


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Amazon EventBridge | Overview.

Amazon EventBridge - Overview. Scope: Intro, Core Concepts, Key Benefits, Link to official documentation, Insights. Intro: Amazon EventBridg...