A Comprehensive Guide to AWS Elastic Container Registry (ECR)

1. Introduction

This article is a comprehensive guide to AWS Elastic Container Registry (ECR), a fully managed container registry for storing, managing, and deploying container images.

2. Purpose

The purpose of this article is to educate readers about AWS ECR and demonstrate how to set it up using the AWS Management Console and PrismScaler. It provides both DevOps and non-DevOps methods to cater to different experience levels.

3. What is AWS ECR?

Amazon Elastic Container Registry (ECR) is a fully managed container image registry service provided by Amazon Web Services (AWS). It is designed to make it easy for developers to store, manage, and deploy Docker container images. Here are some key features and functions of AWS ECR:
  • Image Storage: ECR allows you to store Docker container images in a highly available and scalable repository. You can think of it as a centralized location to keep your Docker images.
  • Integration with AWS Services: ECR seamlessly integrates with other AWS services like Amazon Elastic Kubernetes Service (EKS), AWS Fargate, AWS Batch, and more, making it easy to deploy containerized applications in various AWS environments.
  • Access Control: You can manage access to your container images using AWS Identity and Access Management (IAM) policies. This allows you to control who can push, pull, or manage images in your registry.
  • Image Scanning: ECR offers image scanning capabilities that check container images for known vulnerabilities. This helps improve the security of your containerized applications.
  • Lifecycle Policies: You can define lifecycle policies to automatically clean up old or unused images. This helps in managing storage costs and keeping your registry organized.
  • Encryption: ECR encrypts images at rest and in transit, ensuring the security of your container images.
  • Integration with Docker CLI: ECR works seamlessly with the Docker CLI, making it easy for developers to push and pull images using familiar commands.
  • Cross-Region Replication: You can replicate your container images to different AWS regions, improving availability and reducing latency for deployments in multiple regions.
  • Private Registry: By default, ECR repositories are private, which means only authorized users and services can access the images stored in your registry. This is crucial for maintaining the privacy and security of your container images.

4. Creating AWS ECR with AWS console

Step 1. Create ECR repository

Go to the ECR service on the AWS console → navigate to Repositories → click Create repository.

A repository is where you store your Docker or Open Container Initiative (OCI) images in Amazon ECR. Each time you push or pull an image from Amazon ECR, you specify the repository and the registry location, which determines where the image is pushed to or pulled from.

On the creation screen:
  • For Visibility settings, choose Private (or Public if needed).
  • For Repository name, specify a name for the repository.
  • For Tag immutability, choose the tag mutability setting for the repository. Repositories configured with immutable tags will prevent image tags from being overwritten.
  • For KMS encryption, choose whether to enable server-side encryption using AWS KMS keys stored in AWS Key Management Service (AWS KMS).
Then click Create repository.

Step 2. Push container to ECR repository

Select the repository you created and choose View push commands to view the steps to push an image to your new repository.

Run the login command from the console in a terminal window to authenticate your Docker client to your registry. This command provides an authorization token that is valid for 12 hours. Then build, tag, and push the image:

aws ecr get-login-password --region <your_region> | docker login --username AWS --password-stdin <your_account_id>.dkr.ecr.<your_region>.amazonaws.com

docker build -t my_repo .

docker tag my_repo:latest <your_account_id>.dkr.ecr.<your_region>.amazonaws.com/my_repo:latest

docker push <your_account_id>.dkr.ecr.<your_region>.amazonaws.com/my_repo:latest

Estimated Time
With DevOps knowledge: 2-3 hours
Without DevOps knowledge: 2-3 days
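
To confirm that a repository created in Step 1 really has the settings chosen on the creation screen, the following added example (not part of the original article) audits JSON in the shape returned by `aws ecr describe-repositories`. The sample records, account ID, region, key ARN and the name `my_hardened_repo` are constructed placeholders; scan on push is checked because the article lists image scanning as an ECR feature.

```python
import json

# Constructed sample shaped like `aws ecr describe-repositories` output.
# Account ID, region, key ARN and repository names are placeholders.
SAMPLE = json.loads("""
{
  "repositories": [
    {
      "repositoryName": "my_repo",
      "repositoryUri": "111122223333.dkr.ecr.us-east-1.amazonaws.com/my_repo",
      "imageTagMutability": "MUTABLE",
      "imageScanningConfiguration": {"scanOnPush": false},
      "encryptionConfiguration": {"encryptionType": "AES256"}
    },
    {
      "repositoryName": "my_hardened_repo",
      "repositoryUri": "111122223333.dkr.ecr.us-east-1.amazonaws.com/my_hardened_repo",
      "imageTagMutability": "IMMUTABLE",
      "imageScanningConfiguration": {"scanOnPush": true},
      "encryptionConfiguration": {
        "encryptionType": "KMS",
        "kmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
      }
    }
  ]
}
""")

def audit_repository(repo):
    """Return findings for one repository record (empty list = no findings)."""
    findings = []
    # Missing fields are treated as the weaker setting so gaps are reported.
    if not repo.get("imageTagMutability", "MUTABLE").startswith("IMMUTABLE"):
        findings.append("tags are mutable: an existing tag such as 'latest' can be overwritten")
    if not repo.get("imageScanningConfiguration", {}).get("scanOnPush", False):
        findings.append("scan on push is disabled")
    enc = repo.get("encryptionConfiguration", {}).get("encryptionType", "AES256")
    if not enc.startswith("KMS"):
        findings.append("encrypted with " + enc + ", not an AWS KMS key")
    return findings

def audit(describe_output):
    """Map each repository name to its list of findings."""
    repos = describe_output.get("repositories", [])
    return {r["repositoryName"]: audit_repository(r) for r in repos}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

With tag immutability enabled, the `docker push` of `my_repo:latest` shown above succeeds only the first time; later pushes need a new tag.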

5. Creating AWS ECR with PrismScaler

This section introduces an alternative method: using PrismScaler to create an AWS Elastic Container Registry (ECR). PrismScaler saves time: instead of working through multiple steps on the AWS console, each form takes a single step. Fill in the necessary information and press the create button.

Automatically build a registry to store the Docker container on AWS
  • If you want to operate the application with a container
  • When using a container registry on AWS

Estimated Time
5-15 minutes (without DevOps knowledge)
