Amazon ECR
User Guide (API Version 2015-09-21)

What Is Amazon Elastic Container Registry?

Amazon Elastic Container Registry (Amazon ECR) is a managed AWS Docker registry service that is secure, scalable, and reliable. Amazon ECR supports private Docker repositories with resource-based permissions using AWS IAM so that specific users or Amazon EC2 instances can access repositories and images. Developers can use the Docker CLI to push, pull, and manage images.

Components of Amazon ECR

Amazon ECR contains the following components:


An Amazon ECR registry is provided to each AWS account; you can create image repositories in your registry and store images in them. For more information, see Amazon ECR Registries.

Authorization token

Your Docker client must authenticate to Amazon ECR registries as an AWS user before it can push and pull images. The AWS CLI get-login command provides you with authentication credentials to pass to Docker. For more information, see Registry Authentication.


An Amazon ECR image repository contains your Docker images. For more information, see Amazon ECR Repositories.

Repository policy

You can control access to your repositories and the images within them with repository policies. For more information, see Amazon ECR Repository Policies.


You can push and pull Docker images to your repositories. You can use these images locally on your development system, or you can use them in Amazon ECS task definitions. For more information, see Using Amazon ECR Images with Amazon ECS.

How to Get Started with Amazon ECR

To use Amazon ECR, you must be set up to install the AWS Command Line Interface and Docker. For more information, see Setting Up with Amazon ECR and Docker Basics for Amazon ECR.

After you are set up, you are ready to complete the Getting Started with Amazon ECR tutorial.