Amazon Elastic Container Registry (Amazon ECR) Guide

By Sruthy

Updated January 24, 2026
Edited by Kamila


Discover all about Amazon ECR, along with its features and benefits, from this step-by-step introductory guide. Understand how Amazon Elastic Container Registry stores Docker images securely.

Part one of this series introduces Amazon ECR, a managed container registry service for Docker images. It makes it easy to push and pull images without additional tools.

Amazon Elastic Container Registry (ECR) is a fully managed container registry service provided by AWS, offering security, scalability, and reliability.

Amazon ECR: Complete Guide to AWS Elastic Container Registry

Amazon ECR Introduction

Amazon ECR supports the creation of private repositories and is integrated with AWS IAM for resource-based permissions, which enables your EC2 instances to access the repositories and container images.

Developers can use the Docker CLI to push and pull Docker images.

List of Tutorials in Amazon ECR Series:

Tutorial #1: Amazon Elastic Container Registry (Amazon ECR) Guide (This Tutorial)
Tutorial #2: Amazon ECR Public and Private Repositories
Tutorial #3: Amazon ECR Docker Images & GitHub Integration


The diagram below shows the workflow for using Amazon ECR.

Amazon ECR Workflow

Features of Amazon ECR

  • Open Container Initiative support for container format and Docker support
  • Public image gallery
  • High availability
  • Public repository to enable teams to share container artifacts with anyone across the world
  • IAM controls which users and resources can access the container images.
  • Integration with existing CI/CD tools like Jenkins.
  • Container images are encrypted during transfer to and from Amazon ECR.

In this three-part series, we will examine how to build and publish a container image to an Amazon ECR PUBLIC and PRIVATE repository and integrate it with Jenkins/GitHub Actions. You may read through our detailed guide on the Jenkins Tutorial series to gain more knowledge.

As a prerequisite, we need the AWS CLI installed to authenticate with Amazon ECR, and Docker installed as well, on any Linux system (e.g., an EC2 VM) with access to the Amazon ECR service.

Installing AWS CLI

In this section, we will look at installing the latest version of AWS CLI using the snap package manager.

$ sudo snap install aws-cli --classic

Add /snap/bin to the PATH and verify the installation:

$ aws --version

AWS version

There are other ways to install or update the AWS CLI for your operating system. You can refer to the URL https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Create IAM Role to Access Amazon ECR

In this section, we will learn how to create an IAM role to access Amazon ECR & attach it to the EC2 Instance.

We will see how to create an Identity and Access Management (IAM) role to provide access to AWS resources with the AmazonElasticContainerRegistryPublicFullAccess policy, which provides administrative access to the Amazon ECR public resources.

IAM helps administrators securely control access to AWS resources, including who has permission to use Amazon ECR. It also lets you control who can upload or download images in the Amazon ECR repositories.

Create IAM Role

A role in AWS is an entity that has certain specific permissions. In the AWS Console, search for IAM and click on Roles on the left panel.

Create IAM Role

Click on Create role.

For the trusted entity type, select the option AWS service; for the use case, choose EC2 only, and click on Next.

Trusted Entity Type

Search for the policy AmazonElasticContainerRegistryPublicFullAccess and click on Next as shown below.

add permission

Provide a role name and click on Create role, as in the image below.

Provide a role name

The IAM role is now created and listed as depicted in the image below.

IAM role

Attach the IAM Role to Your EC2 Instance

Go back to the AWS console and select your EC2 instance. Select Actions -> Security -> Modify IAM role as below.

Modify IAM role

Select the IAM role and click on Update IAM role option as shown below.

Update IAM role

Your EC2 instance can now access Amazon ECR.
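
The console steps above can also be done with the AWS CLI. The script below is an added example, not part of the original tutorial; the role name, instance profile name and instance ID are placeholder assumptions, and it only prints the commands unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of "Create IAM Role" + "Attach the IAM Role".
# ROLE_NAME, PROFILE_NAME and INSTANCE_ID are placeholders (assumptions).
ROLE_NAME="${ROLE_NAME:-ecr-public-ec2-role}"
PROFILE_NAME="${PROFILE_NAME:-$ROLE_NAME}"
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"
POLICY_ARN="arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess"

# Trust policy for trusted entity "AWS service" with use case "EC2":
# only the EC2 service is allowed to assume the role.
trust_policy() {
  cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
JSON
}

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_and_attach_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)"
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  # The console creates an instance profile for EC2 roles; the CLI does not.
  run aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  run aws iam add-role-to-instance-profile \
      --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
  # If the instance already has a profile, use
  # aws ec2 replace-iam-instance-profile-association instead.
  run aws ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
      --iam-instance-profile "Name=$PROFILE_NAME"
}

create_and_attach_role
```

Run it with APPLY=1 from a workstation whose credentials can manage IAM and EC2. Afterwards, aws sts get-caller-identity on the instance should report the assumed role.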

Amazon ECR Public Gallery

You can pull a Docker image (docker pull) to your local environment from the Amazon ECR Public Gallery, a public website for finding and sharing container images. You can browse the available container images at https://gallery.ecr.aws

For example, to pull the MySQL image, search for it and use the command as shown below.

pull the MySQL image

Copy the path shown and run the command below using the Docker CLI.

$ docker pull public.ecr.aws/docker/library/mysql:8.0.40-bookworm

Amazon ECR supports a public registry for hosting container images in a scalable environment. Any repository created in the public registry is available publicly in the Amazon ECR Public Gallery.

Every AWS account is provided with a default public and private Amazon ECR registry.

Sample Node Project and Dockerfile

We will use the node project below and the Dockerfile to create an image and push it to the Amazon ECR repository.

use the node project

Dockerfile – It is a set of instructions to create an image. Create the Dockerfile below in the same folder.

FROM public.ecr.aws/docker/library/node:lts-slim
WORKDIR  /app
COPY .  /app
CMD ["npm","start"]

Let’s look at the definitions of the commands used in the Dockerfile.

FROM – Gets the base image from the Amazon ECR Public Gallery.

WORKDIR – Sets the working directory for the container.

COPY – Copies files and folders from the local system into the Docker container.

CMD – Runs the application when a container is created, not during the image build.

Also, make sure to push the content to the GitHub repository, which will be used in the Jenkins integration, and keep your GitHub personal access token (PAT) handy for authentication in your Jenkins job.

ECR Repo

Conclusion

In part 1 of the series, we have seen an introduction to Amazon ECR, a managed container registry service for Docker images that makes it easy to push and pull container images without additional tools or utilities.

It shares and downloads images securely over HTTPS with encryption, and provides fast and reliable access to and distribution of your images.

In the next part, we will look at how to automate the Docker build and publish of images to an Amazon ECR PUBLIC repository and to an Amazon ECR PRIVATE repository using Jenkins, and, in the subsequent part of the series, with GitHub Actions.
