Amazon ECR private registries - Amazon ECR

Amazon ECR private registries

Amazon ECR private registries host your container images in a highly available and scalable architecture. You can use your private registry to manage private image repositories consisting of Docker and Open Container Initiative (OCI) images and artifacts. Each AWS account is provided with a default private Amazon ECR registry. For more information about Amazon ECR public registries, see Public registries in the Amazon Elastic Container Registry Public User Guide.

Private registry concepts

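  • The URL for your default private registry is https://aws_account_id.dkr.ecr.region.amazonaws.com, where aws_account_id and region are placeholders for your AWS account ID and the AWS Region of the registry.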

  • By default, your account has read and write access to the repositories in your private registry. However, IAM users require permissions to make calls to the Amazon ECR APIs and to push or pull images to and from your private repositories. Amazon ECR provides several managed policies to control user access at varying levels. For more information, see Amazon Elastic Container Registry Identity-Based Policy Examples.

  • You must authenticate your Docker client to your private registry so that you can use the docker push and docker pull commands to push and pull images to and from the repositories in that registry. For more information, see Private registry authentication.

  • Private repositories can be controlled with both IAM user access policies and repository policies. For more information about repository policies, see Repository policies.

  • The repositories in your private registry can be replicated across Regions in your own private registry and across separate accounts by configuring replication for your private registry. For more information, see Private image replication.
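
The registry URL format in the first bullet can be used to check that an image reference points at a private registry in an account you trust before it is pulled or deployed. The following Python code is an added example, not code from the AWS documentation. The 12-digit account ID and Region patterns, the function names, and the sample values are assumptions for illustration, and it covers only the hostname format shown on this page.

```python
import re

# Hostname format from the page: aws_account_id.dkr.ecr.region.amazonaws.com
# Assumptions: account IDs are 12 digits; Region names look like us-east-1.
_ECR_HOST = re.compile(
    r"(?P<account>\d{12})\.dkr\.ecr\."
    r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)\.amazonaws\.com"
)


def parse_private_registry(image_ref):
    """Return (account_id, region, repository) for a reference whose host is
    in the private registry format, or None for any other host."""
    ref = image_ref.strip()
    if ref.startswith("https://"):
        ref = ref[len("https://"):]
    host, _, rest = ref.partition("/")
    # fullmatch anchors both ends, so a look-alike host that merely starts
    # with a valid registry name (extra labels appended) is rejected.
    m = _ECR_HOST.fullmatch(host.lower())
    if m is None:
        return None
    repo = rest.split("@", 1)[0]          # drop an @digest suffix
    if ":" in repo.rsplit("/", 1)[-1]:    # drop a :tag on the last component
        repo = repo.rsplit(":", 1)[0]
    return m.group("account"), m.group("region"), repo


def is_allowed(image_ref, allowed_accounts, allowed_regions=None):
    """True only if the reference parses and its account (and optionally its
    Region) is on the allowlist. Anything unparseable fails closed."""
    parsed = parse_private_registry(image_ref)
    if parsed is None:
        return False
    account, region, _ = parsed
    if account not in allowed_accounts:
        return False
    return allowed_regions is None or region in allowed_regions


if __name__ == "__main__":
    # Constructed sample references; 123456789012 is a placeholder account ID.
    trusted = {"123456789012"}
    for ref in (
        "123456789012.dkr.ecr.us-east-1.amazonaws.com/team/app:1.4",
        "123456789012.dkr.ecr.us-east-1.amazonaws.com.example.net/team/app:1.4",
        "999999999999.dkr.ecr.us-east-1.amazonaws.com/team/app:1.4",
        "nginx:latest",
    ):
        print(ref, "->", "allow" if is_allowed(ref, trusted) else "deny")
```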