Setting Up with Amazon ECR
If you've already signed up for Amazon Web Services (AWS) and have been using Amazon EC2 Container Service (Amazon ECS), you are close to being able to use Amazon ECR. The set up process for the two services is very similar, as Amazon ECR is an extension to Amazon ECS. To use the AWS CLI with Amazon ECR , you must use a version of the AWS CLI that supports the latest Amazon ECR features. If you do not see support for an Amazon ECR feature in the AWS CLI, you should upgrade to the latest version. For more information, see http://aws.amazon.com/cli/.
Complete the following tasks to get set up for Amazon ECR. If you have already completed any of these steps, you may skip them and move on to installing the custom AWS CLI.
Sign Up for AWS
When you sign up for AWS, your AWS account is automatically signed up for all services, including Amazon ECR. You are charged only for the services that you use.
If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.
To create an AWS account
Open https://aws.amazon.com/, and then choose Create an AWS Account.
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.
Note your AWS account number, because you'll need it for the next task.
Create an IAM User
Services in AWS, such as Amazon ECR, require that you provide credentials when you access them, so that the service can determine whether you have permission to access its resources. The console requires your password. You can create access keys for your AWS account to access the command line interface or API. However, we don't recommend that you access AWS using the credentials for your AWS account; we recommend that you use AWS Identity and Access Management (IAM) instead. Create an IAM user, and then add the user to an IAM group with administrative permissions or and grant this user administrative permissions. You can then access AWS using a special URL and the credentials for the IAM user.
If you signed up for AWS but have not created an IAM user for yourself, you can create one using the IAM console.
To create an IAM user for yourself and add the user to an Administrators group
Sign in to the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Users, and then choose Add user.
For User name, type a user name, such as
Administrator. The name can consist of letters, digits, and the following characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). The name is not case sensitive and can be a maximum of 64 characters in length.
Select the check box next to AWS Management Console access, select Custom password, and then type the new user's password in the text box. You can optionally select Require password reset to force the user to select a new password the next time the user signs in.
Choose Next: Permissions.
On the Set permissions for user page, choose Add user to group.
Choose Create group.
In the Create group dialog box, type the name for the new group. The name can consist of letters, digits, and the following characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). The name is not case sensitive and can be a maximum of 128 characters in length.
For Filter, choose Job function.
In the policy list, select the check box for AdministratorAccess. Then choose Create group.
Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.
Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.
You can use this same process to create more groups and users, and to give your users access to your AWS account resources. To learn about using policies to restrict users' permissions to specific AWS resources, go to Access Management and Example Policies for Administering AWS Resources.
To sign in as this new IAM user, sign out of the AWS console, then use the following
URL, where your_aws_account_id is your AWS account number without
the hyphens (for example, if your AWS account number is
1234-5678-9012, your AWS account ID is
Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays "your_user_name @ your_aws_account_id".
If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account alias. From the IAM dashboard, choose Create Account Alias and enter an alias, such as your company name. To sign in after you create an account alias, use the following URL:
To verify the sign-in link for IAM users for your account, open the IAM console and check under IAM users sign-in link on the dashboard.
For more information about IAM, see the AWS Identity and Access Management User Guide.
Install the AWS CLI
You can use the AWS command line tools to issue commands at your system's command line to perform Amazon ECS and AWS tasks; this can be faster and more convenient than using the console. The command line tools are also useful if you want to build scripts that perform AWS tasks.
To use the AWS CLI with Amazon ECR, install the latest AWS CLI version (Amazon ECR functionality is available in the AWS CLI starting with version 1.9.15). You can check your AWS CLI version with the aws --version command. For information about installing the AWS CLI or upgrading it to the latest version, see Installing the AWS Command Line Interface in the AWS Command Line Interface User Guide.
To use the Docker CLI with Amazon ECR, you must first install Docker on your system. For information about installing Docker and getting familiar with the tools, see Docker Basics.