Amazon ECR service quotas
The following table provides the default service quotas for Amazon Elastic Container Registry (Amazon ECR).
| Service quota | Description | Default quota value | Adjustable |
|---|---|---|---|
|
Registered repositories |
The maximum number of repositories that you can create per Region. |
10,000 |
Yes |
|
Image per repository |
The maximum number of images per repository. |
10,000 |
Yes |
The following table provides the default rate quotas for each of the Amazon ECR API actions involved with the image push and image pull actions.
| Amazon ECR action | API operation | Description | Default quota value | Adjustable |
|---|---|---|---|---|
|
Authentication |
Rate of GetAuthorizationToken requests |
The rate of GetAuthorizationToken API requests that you can make per second, per Region. |
500 |
Yes |
|
Image push |
Rate of BatchCheckLayerAvailability requests |
The rate of BatchCheckLayerAvailability API requests that you can make per second, per Region. When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped. |
200 |
Yes |
| Rate of InitiateLayerUpload requests |
The rate of InitiateLayerUpload API requests that you can make per second, per Region. When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action. |
10 |
Yes |
|
| Rate of CompleteLayerUpload requests |
The rate of CompleteLayerUpload API requests that you can make per second, per Region. When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed. |
10 |
Yes |
|
| Rate of UploadLayerPart requests |
The rate of UploadLayerPart API requests that you can make per second, per Region. When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20,971,520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part. |
260 |
Yes |
|
| Rate of PutImage requests |
The rate of PutImage API requests that you can make per second, per Region. When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image. |
10 |
Yes |
|
|
Image pull |
Rate of BatchGetImage requests |
The rate of BatchGetImage API requests that you can make per second, per Region. When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest. |
2,000 | |
| Rate of GetDownloadUrlForLayer requests |
The rate of GetDownloadUrlForLayer API requests that you can make per second, per Region. When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached. |
3,000 |
Yes |
The following table provides other quotas for Amazon ECR and Docker images that cannot be changed.
The layer part information mentioned in the following table is only applicable if you are calling the Amazon ECR API actions directly to initiate multipart uploads for image push operations. This is a rare action. We recommend that you use the Docker CLI to pull, tag, and push images.
| Service quota | Description | Quota value | Adjustable |
|---|---|---|---|
|
Layer parts |
The maximum number of layer parts. This is only applicable if you are using Amazon ECR API actions directly to initiate multipart uploads for image push operations. |
4,200 |
No |
|
Maximum layer size |
The maximum size (MiB) of a layer. ** |
42,000 |
No |
|
Minimum layer part size |
The minimum size (MiB) of a layer part. This is only applicable if you are using Amazon ECR API actions directly to initiate multipart uploads for image push operations. |
5 |
No |
|
Maximum layer part size |
The maximum size (MiB) of a layer part. This is only applicable if you are using Amazon ECR API actions directly to initiate multipart uploads for image push operations. |
10 |
No |
|
Tags per image |
The maximum number of tags per image. |
1,000 |
No |
|
Lifecycle policy length |
The maximum number of characters in a lifecycle policy. |
30,720 |
No |
|
Rules per lifecycle policy |
The maximum number of rules in a lifecycle policy. |
50 |
No |
|
Rate of image scans |
The maximum number of image scans per image, per 24 hours. |
1 |
No |
** The maximum layer size listed here is calculated by multiplying the maximum layer part size (10 MiB) by the maximum number of layer parts (4,200).
Managing your Amazon ECR service quotas in the AWS Management Console
Amazon ECR has integrated with Service Quotas, an AWS service that enables you to view and manage your quotas from a central location. For more information, see What Is Service Quotas? in the Service Quotas User Guide.
Service Quotas makes it easy to look up the value of all Amazon ECR service quotas.
To view Amazon ECR service quotas (AWS Management Console)
-
Open the Service Quotas console at https://console.aws.amazon.com/servicequotas/
. -
In the navigation pane, choose AWS services.
-
From the AWS services list, search for and select Amazon Elastic Container Registry (Amazon ECR).
In the Service quotas list, you can see the service quota name, applied value (if it is available), AWS default quota, and whether the quota value is adjustable.
-
To view additional information about a service quota, such as the description, choose the quota name.
To request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.
Creating a CloudWatch alarm to monitor API usage metrics
Amazon ECR provides CloudWatch usage metrics that correspond to the AWS service quotas for each of the APIs involved with the registry authentication, image push, and image pull actions. In the Service Quotas console, you can visualize your usage on a graph and configure alarms that alert you when your usage approaches a service quota. For more information, see Amazon ECR usage metrics.
Use the following steps to create a CloudWatch alarm based on one of the Amazon ECR API usage metrics.
To create an alarm based on your Amazon ECR usage quotas (AWS Management Console)
-
Open the Service Quotas console at https://console.aws.amazon.com/servicequotas/
. -
In the navigation pane, choose AWS services.
-
From the AWS services list, search for and select Amazon Elastic Container Registry (Amazon ECR).
-
In the Service quotas list, select the Amazon ECR usage quota you want to create an alarm for.
-
In the Amazon CloudWatch Events alarms section, choose Create.
-
For Alarm threshold, choose the percentage of your applied quota value that you want to set as the alarm value.
-
For Alarm name, enter a name for the alarm and then choose Create.
