Amazon ECR Public and Private Repositories

By Sruthy

By Sruthy

Sruthy, with her 10+ years of experience, is a dynamic professional who seamlessly blends her creative soul with technical prowess. With a Technical Degree in Graphics Design and Communications and a Bachelor’s Degree in Electronics and Communication, she brings a unique combination of artistic flair…

Full Bio >

Follow
Learn about our editorial policies.
 Updated January 24, 2026
Edited by Kamila

Edited by Kamila

Kamila is an AI-based technical expert, author, and trainer with a Master’s degree in CRM. She has over 15 years of work experience in several top-notch IT companies. She has published more than 500 articles on various Software Testing Related Topics, Programming Languages, AI Concepts,…

Full Bio >

Follow
Learn about our editorial policies.

Understand the basic difference between Amazon ECR public and private repositories. Learn when to use each repository from this complete AWS Container registry guide:

Amazon Elastic Container Registry (ECR), as we have seen in Part 1, is a fully managed container registry service by AWS, which is secure, scalable, and reliable.

Amazon ECR supports the creation of private repositories and is integrated with AWS IAM for resource-based permissions, which allow your EC2 instances to access the repositories and container images. Developers can use the Docker CLI to push and pull Docker images.

Introduction to Amazon ECR Public and Private Repositories

Amazon ECR Public and Private Repositories

Here, we will look at how to create, build, and publish a container image to an Amazon ECR PUBLIC/PRIVATE repository and also to automate this process using Jenkins.

The diagram below shows the workflow:

workflow - Amazon ECR

Amazon ECR supports both public and private repositories. Public repositories allow you to share Docker images with the entire community, whereas with private repositories, you can store images securely and provide access only to those who need it.

As a prerequisite, we will need the AWS CLI to be installed to authenticate with Amazon ECR, and Docker installed as well on any Linux system (e.g., EC2 VM) with access to the Amazon ECR service.

The instructions for installing AWS CLI are shown in Part 1 of the series.

Public Repositories

This section deals with the creation of the Amazon ECR Public Repository, along with the ways to build, tag, or push an image in the repository. You will get to know about the integration of Jenkins with Amazon ECR in the Public Repository.

Create an Amazon ECR Public Repository & Build/Tag/Push an Image

In this section, we will look at how to create an Amazon ECR public repository to store our container images and also build/tag/push the images from a local machine to the Amazon ECR repository. From the AWS services, search for ECR and click on Create to create a public repository.

From the left navigation pane, choose Repositories under Public registry. Click on Create repository

Create repository

Enter a name in lowercase and click on Create.

Create public repository

Once the repository is created, click on View push commands, which will provide you with commands to log in, build, tag, and push the image to your ECR repository just created, as shown below.

ECR repository

The complete URI for the repository is public.ecr.aws/{Default_Registry_Alias}/ecr-demo-repo

Note: Public repositories do not need any AWS account or IAM credentials to pull images

Run the commands as shown from the folder where the Dockerfile is stored to log in, build, and push the image.

Dockerfile is stored

Run the login command first and build the image as shown with the command below.

Build the image

Tag the image as shown below.

Tag the image

Push the Docker image to the Amazon ECR public repository as depicted in the image.

Push the docker image

The image is now pushed to the repository. Click on the repository to view the images.

view push commands

Integrate Jenkins With Amazon ECR (Public Repository)

In this section, we will see how to integrate Jenkins with Amazon ECR to automate the above manual steps of Docker image build and push to the ECR public repository.

We will look at the following steps:

  • Install Docker/Amazon ECR Jenkins plugin.
  • Set up Jenkins slave node on AWS EC2 VM (Ubuntu).
  • Create a freestyle Jenkins pipeline to build, tag, and push a Docker image to a public repo.

Step 1: Install Docker/Amazon ECR Jenkins plugin.

Download and install the plugins as an admin user.

Download and install the plugin

Step 2: Set up Jenkins slave node on AWS EC2 VM (Ubuntu)

I am using a Jenkins master server running on a Windows machine, which manages the job pipelines, and a slave is on an EC2 VM running Ubuntu, where Docker is installed, and the build command will be run through the jobs submitted to the master server.

Jenkins Master & Slave Server

Let’s look at how to create the slave node on the AWS EC2 VM.

Log in to the Jenkins MASTER machine and create an SSH key pair. Use the command below to create the key pair.

C:\Users\ADMIN> ssh-keygen
C:\Users\ADMIN> type .ssh\id_rsa.pub

Copy the content of the above command and log in to the slave node (EC2 Ubuntu VM). Add the copied content to the authorized_keys file.

# vi .ssh/authorized_keys

From the Jenkins master machine (Windows) ssh to the slave node using the below command. It will ask to accept the ssh fingerprint. Type yes and enter. You should now be able to ssh into the slave node using the command below.

ssh userid@EC2VM-IP-Address

Useridis‘ubuntu’ for EC2 VM running Ubuntu.

Step 3: Create a new Slave Node

Go to Manage Jenkins 🡪 Manage nodes

Click on + New Node and select Permanent Agent. Add the details below.

New Node

Add the host IP of the slave machine (EC2 VM) and add credentials.

Add credentials

For credentials, select the + Add 🡪Jenkins, and the Kind of credential should be “SSH Username with private key”. Add the details below of username and private key contents.

Username is ubuntu, which is the login of the AWS EC2 VM. In the private key field, add the Jenkins master’s machine private key. You can find the private key in ~/.ssh/id_rsa file.

E.g. If Jenkins Master is in Windows, here is the file in C:\users\<UserName>\.ssh\id_rsa

Click on Save, and you should see the agent connected successfully.

Agent connected

Step 4: Create a Jenkins pipeline, a freestyle job

The Jenkins pipeline will contain the following steps:

  • Select the slave node (in this case, it is the EC2 VM) for the pipeline to run
  • Jenkins Source Code Management to get the latest code changes from the GitHub repository.
  • Setup environment variables
    • REGISTRY_ALIAS={Value as shown during public repository creation}
    • URL_REGISTRY = public.ecr.aws/(REGISTRY_ALIAS)
    • REGION= As shown in section 7, with the login command
  • Build the Docker image using ${BUILD_NUMBER} as the tag to version the image using the Docker plugin.
  • Push the Docker image to the Amazon ECR public repository.

Select the slave node under the General TAB in the job.

slave node

Source Code Management Step with GitHub credentials and using the main branch.

Source Code Management Step

Setup Environment variables

Use the Mask passwords option to set up the variables (REGISTRY_ALIAS, URL_ REGISTRY, and REGION) as described at the beginning of the step. If this plugin is not installed, then install it.

Environment variables

Docker Build and Push to Amazon ECR repository as part of Build Step

Use the commands below to build, tag, and push the Docker image to the Amazon ECR repository.

Build Step 1 🡪 Execute Shell

Login step to Amazon ECR: This command is shown in section 7 for the ECR repository. Modify the command to use the environment variables defined.

Execute Shell

Build Step 2 🡪 Docker Build and Publish

Docker Build & Publish

No other details need to be entered. Save the Jenkins Job.

Run the Jenkins job

Look at the Jenkins job console output, and all the commands should have run successfully.

Jenkins Job Console

Browse the URL https://gallery.ecr.aws/REGISTRY_ALIAS/ecr-demo-repo, and you should see the latest version of the Docker image pushed to the ECR repository.

Also, look at the ECR public repository listing to view the latest version pushed.

ECR Public Repository

Private Repositories

This section deals with the creation of the Amazon ECR Private Repository, along with the ways to build, tag, or push an image in the repository. You will get to know about the integration of Jenkins with Amazon ECR in the Private Repository.

Create an Amazon ECR Private Repository and Build/Tag/Push an Image

In this section, we will look at how to create an Amazon ECR Private Repository using the console to store our Docker images and set appropriate permissions for accessing the repositories.

You can use a private registry to manage private repositories that comprise Docker images. An Amazon ECR private repository is isolated from public registries and is accessible only to the AWS account of the developer or to certain authorized users.

By default, your Amazon account would have read and write privileges to the repositories in the default registry, which is aws_account_id.dkr.ecr.your-region.amazonaws.com. But users will need permissions to push and pull images to/from the repository.

To create a private repository, go to the ECR console and click on Create repository under Private registry -> Repositories

Private registry

Enter a name in the format namespace/repo-name

Namespace can be your project name. Click on Create.

Create private repository

Repository is now listed.

Create Repository

Select the repository and click on View push commands to view the commands for login/build/tag/push image to the private repository.

push commands for vnecr

Run the above commands from the folder where the Dockerfile is stored. Before running the above commands, attach the AmazonEC2ContainerRegistryFullAccess policy to the IAM role created in section 4.

Amazon EC2 Container Registry

Step 1: Authenticate to your repository

Authenticate to your repository

Step 2: Build Docker Image

Build Docker Image

Step 3: Tag and push your image to the repository.

Push your image

Integrate Jenkins with Amazon ECR (Private Repository)

In this section, we will see how to integrate Jenkins with Amazon ECR to automate the above manual steps of Docker image build and push to the ECR private repository.

We will look at the following steps:

  • Use the Jenkins slave node on AWS EC2 VM (Ubuntu) created in section 3
  • Create a freestyle Jenkins pipeline to build, tag, and push a Docker image to a private repo

As described in section 3, select the node for the job to be run and also configure the SCM step.

Build Step 1 🡪 Execute shell

The first command will log out of the Amazon ECR Public if there was a previous authentication, and will result in an unauthenticated pull of images from the Amazon ECR public gallery.

The second command will log in to the Amazon ECR private registry as per the view push command listing for the private repository shown in the previous section.

Build steps

Build Step 2 🡪 Docker Build and Publish

Configure the step as shown using the details of the private repository created.

Docker Build and Publish

Save the job, run the Jenkins job. Look at the Jenkins job console output, and all the commands should have run successfully.

ECR Job Private Repo

Look at the Amazon ECR Private repository to verify if the Docker image is pushed.

Push commands

Conclusion

In this tutorial, we have seen how Amazon ECR is easy to implement to push container images and pull images without using any tools or utilities.

We also looked at how to automate the Docker Build and Publish of the images to Amazon ECR public and private repositories using Jenkins, which is probably the way developers should work, or, for that matter, use any other CI/CD tool to automate manual steps, which is very much essential for modern-day development and deployment.

In the last part 3 of the series, we will look at the security aspect of Docker images and also integration789 with another CI/CD tool, GitHub Actions.

For more quick Amazon ECR-related guides, you can explore our range of tutorials below:

PREV Tutorial | NEXT Tutorial

Was this helpful?

Thanks for your feedback!

Recommended Reading

  • Docker Tutorial: Installation And Introduction To Docker
    Introduction to Docker

    This Step By Step Docker Tutorial Explains What Is Docker, It's Installation And Terminology Used With Like Docker Container, Docker Build, Docker Hub, etc.: Docker is a containerization open-source platform that automates the deployment of applications inside containers. Let's look at it from the point of view of loading and…

  • Jenkins with Docker, Docker-Compose & Docker Swarm TUTORIAL
    Jenkins Integration With Docker, Docker-Compose And Docker Swarm (Stack Deploy)

    This tutorial will give you a complete understanding of Jenkins Integration with Docker, Docker-Compose, and Docker Swarm with simple examples: Jenkins is an open-source automated CI/CD software for DevOps that enables developers to build, test and deploy their software. Docker is an open platform to create, run and deploy applications…

  • Kubernetes Vs Docker - What Are The Key Differences
    Kubernetes Vs. Docker

    Read this in-depth review and comparison between Kubernetes Vs Docker used to build, deliver, and scale containerized applications: In a recent survey, the Cloud Native Computing Foundation (CNCF) figured out that 84% of the total respondents in question were using Docker and Kubernetes in their production environment by 2019. Naturally,…

  • What is Docker Compose? Installation and Volumes with Examples
    Introduction to Docker Compose {Handle Multiple Containers at once}

    Get to know what is docker compose and explore all about Docker Compose Volumes to learn how to manage multiple containers on a single host with examples: Docker is an open-source platform used to build, test, and deploy applications. Docker helps to package the software into units called containers which…

READ MORE FROM THIS SERIES: