Document history

The following table describes the important changes to the documentation since the last release of Amazon ECR. We also update the documentation frequently to address the feedback that you send us.

Change	Description	Date
IPv6 support	Added support for making requests to Amazon ECR registries using both IPv4-only and dual-stack (IPv4 and IPv6) endpoints. For more information, see Making requests to Amazon ECR registries.	30 April 2025
Added Amazon ECR private registry support to pull through cache	Amazon ECR added support for creating pull through cache rules for the Amazon ECR private registry. For more information, see Sync an upstream registry with an Amazon ECR private registry and Amazon ECR service-linked role for pull through cache.	12 March 2025
Added support for setting registry policy scope	Amazon ECR added support for configuring registry policy scope for your private registry. For more information, see Private registry permissions in Amazon ECR and Amazon ECR private registry.	23 December 2024
AmazonEC2ContainerRegistryPullOnly – New policy	Amazon ECR added a new policy that grants pull-only permissions to Amazon ECR.	10 October 2024
Docker/OCI Client-proxied operations in CloudTrail events now point to `ecr.amazonaws.com`	The value `ecr.amazonaws.com` replaces `AWS Internal` in User Agent (`userAgent`) and Source IP Address (`sourceIPAddress`) fields for CloudTrail events associated with Docker/OCI Client endpoints. For examples, see Example: Image pull action and Example: Image push action.	1 July 2024
Added description of new Amazon ECR service-linked role for repository creation templates.	Amazon ECR uses a service-linked role named AWSServiceRoleForECRTemplate which gives permission for Amazon ECR to perform actions on your behalf to complete repository creation template actions. For more information, see Amazon ECR service-linked role for repository creation templates.	20 June 2024
Added the `ECRTemplateServiceRolePolicy` service-linked role.	Added the `ECRTemplateServiceRolePolicy` service-linked role. For more information, see ECRTemplateServiceRolePolicy	20 June 2024
Added cross-Region and cross-account replication to China Regions.	Amazon ECR added support to China Region for filtering which repositories are replicated. For more information, see Private image replication in Amazon ECR	15 May 2024
Added GitLab container registry to pull through cache rules	Amazon ECR added support for creating pull through cache rules for the GitLab container registry. For more information, see Sync an upstream registry with an Amazon ECR private registry.	8 May 2024
Amazon ECR lifecycle policy update to add support for using wildcards	Amazon ECR added support for wildcards in a lifecycle policy through the use of the `tagPatternList` parameter in a lifecycle policy rule. For more information, see Automate the cleanup of images by using lifecycle policies in Amazon ECR.	18 December 2023
Amazon ECR repository creation templates	Amazon ECR added support for repository creation templates. For more information, see Templates to control repositories created during a pull through cache or replication action.	15 November 2023
Amazon ECR pull through cache added supported for authenticated upstream registries	Amazon ECR added support for using upstream registries that require authentication for your pull through cache rules. For more information, see Sync an upstream registry with an Amazon ECR private registry.	15 November 2023
AWSECRPullThroughCache_ServiceRolePolicy – Update to an existing policy	Amazon ECR added new permissions to the `AWSECRPullThroughCache_ServiceRolePolicy` policy. These permissions allow Amazon ECR to retrieve the encrypted contents of a Secrets Manager secret. This is required when using a pull through cache rule to cache images from an upstream registry that requires authentication.	November 15, 2023
Amazon ECR image signing	Amazon ECR and AWS Signer added support for creating and pushing container image signatures using the Notary client. For more information, see Signing an image stored in an Amazon ECR private repository.	6 June 2023
Added Kubernetes container registry to pull through cache rules	Amazon ECR added support for creating pull through cache rules for the Kubernetes container registry. For more information, see Sync an upstream registry with an Amazon ECR private registry.	1 June 2023
Amazon ECR enhanced scanning duration support	Amazon Inspector added support for setting the duration that your repositories are monitored for when enhanced scanning is enabled. For more information, see Changing the enhanced scanning duration for images in Amazon Inspector.	28 June 2022
Amazon ECR sends repository pull count metrics to Amazon CloudWatch	Amazon ECR sends repository pull count metrics to Amazon CloudWatch. For more information, see Amazon ECR repository metrics.	6 January 2022
Expanded replication support	Amazon ECR added support for filtering which repositories are replicated. For more information, see Private image replication in Amazon ECR.	21 September 2021
AWS managed policies for Amazon ECR	Amazon ECR added documentation of AWS managed policies. For more information, see AWS managed policies for Amazon Elastic Container Registry.	24 June 2021
Cross-Region and cross-account replication	Amazon ECR added support for configuring replication settings for your private registry. For more information, see Private registry settings in Amazon ECR.	8 December 2020
OCI artifact support	Amazon ECR added support for pushing and pulling Open Container Initiative (OCI) artifacts. A new parameter `artifactMediaType` was added to the `DescribeImages` API response to indicate the type of artifact. For more information, see Pushing a Helm chart to an Amazon ECR private repository.	24 August 2020
Encryption at rest	Amazon ECR added support for configuring encryption for your repositories using server-side encryption with customer managed keys stored in AWS Key Management Service (AWS KMS). For more information, see Encryption at rest.	29 July 2020
Multi-architecture images	Amazon ECR added support for creating and pushing Docker manifest lists which are used for multi-architecture images. For more information, see Pushing a multi-architecture image to an Amazon ECR private repository.	28 April 2020
Amazon ECR Usage Metrics	Amazon ECR added CloudWatch usage metrics which provides visibility into your account's resource usage. You also have the ability to create CloudWatch alarms from both the CloudWatch and Service Quotas consoles to get alerts when your usage approaches your applied service quota. For more information, see Amazon ECR usage metrics.	28 Feb 2020
Updated Amazon ECR service quotas	Updated the Amazon ECR service quotas to include per-API quotas. For more information, see Amazon ECR service quotas.	19 Feb 2020
Added `get-login-password` command	Added support for get-login-password, which provides a simple and secure method for retrieving an authorization token. For more information, see Using an authorization token.	4 Feb 2020
Image Scanning	Added support for image scanning, which helps in identifying software vulnerabilities in your container images. Amazon ECR uses the Common Vulnerabilities and Exposures (CVEs) database from the open source CoreOS Clair project and provides you with a list of scan findings. For more information, see Scan images for software vulnerabilities in Amazon ECR.	24 Oct 2019
VPC Endpoint Policy	Added support for setting an IAM policy on the Amazon ECR interface VPC endpoints. For more information, see Create an endpoint policy for your Amazon ECR VPC endpoints.	26 Sept 2019
Image Tag Mutability	Added support for configuring a repository to be immutable to prevent image tags from being overwritten. For more information, see Preventing image tags from being overwritten in Amazon ECR.	25 July 2019
Interface VPC Endpoints (AWS PrivateLink)	Added support for configuring interface VPC endpoints powered by AWS PrivateLink. This allows you to create a private connection between your VPC and Amazon ECR without requiring access over the internet, through a NAT instance, a VPN connection, or AWS Direct Connect. For more information, see Amazon ECR interface VPC endpoints (AWS PrivateLink).	25 Jan 2019
Resource tagging	Amazon ECR added support for adding metadata tags to your repositories. For more information, see Tagging a private repository in Amazon ECR.	18 Dec 2018
Amazon ECR Name Change	Amazon Elastic Container Registry is renamed (previously Amazon EC2 Container Registry).	21 Nov 2017
Lifecycle Policies	Amazon ECR lifecycle policies enable you to specify the lifecycle management of images in a repository. For more information, see Automate the cleanup of images by using lifecycle policies in Amazon ECR.	11 Oct 2017
Amazon ECR support for Docker image manifest 2, schema 2	Amazon ECR now supports Docker Image Manifest V2 Schema 2 (used with Docker version 1.10 and newer). For more information, see Container image manifest format support in Amazon ECR.	27 Jan 2017
Amazon ECR General Availability	Amazon Elastic Container Registry (Amazon ECR) is a managed AWS Docker registry service that is secure, scalable, and reliable.	21 Dec 2015

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using Podman with Amazon ECR