Getting Started with Amazon ECR: A Beginner’s Guide to Managing Docker Images on AWS

As a DevOps engineer at Appsolute Innovation, I've worked extensively with AWS services. One tool that has consistently proven invaluable is Amazon ECR (Elastic Container Registry) — a fully managed Docker container registry that simplifies storing, managing, and deploying container images. In this guide, I’ll walk you through what Amazon ECR is, why it’s useful, and how to get started.

What is Amazon ECR?

Amazon Elastic Container Registry (ECR) is a managed Docker container registry service by AWS. It integrates seamlessly with Amazon ECS, EKS, and AWS Lambda, making it easy to store and retrieve container images securely.

Think of it like DockerHub, but within your AWS ecosystem — faster, more secure, and scalable.

Why Use Amazon ECR?

Here’s why I recommend ECR for beginners and professionals alike:

• Fully Managed: No need to manage your own registry infrastructure.
• Secure: AWS IAM authentication and encrypted image storage.
• Integrated with CI/CD: Works well with AWS CodePipeline, Jenkins, GitHub Actions, etc.
• High Availability: Backed by AWS infrastructure with high durability.

How to Get Started with Amazon ECR (Using CLI)

Let me walk you through the basic steps I follow when setting up ECR repositories and pushing Docker images.

Step 1: Prerequisites

Before we start, make sure you have:

• An AWS account
• AWS CLI installed and configured
• Docker installed on your local machine

Run this to verify AWS CLI:

aws --version

Step 2: Create an ECR Repository

Run this command to create a new repository:

aws ecr create-repository --repository-name my-app --region us-east-1

This will output your new repository's URI. Example:

123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app

Step 3: Authenticate Docker to Your ECR

Use this AWS CLI command to authenticate Docker:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com

This step is essential — I’ve often seen developers stuck here due to expired credentials or region mismatches.

Step 4: Tag and Push Your Docker Image

Build and tag your Docker image:

docker build -t my-app .
docker tag my-app:latest 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest

Then push to ECR:

docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest

Step 5: Pull the Image from ECR

From any machine (after authentication), you can pull the image:

docker pull 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest

This is super useful for deployments on ECS, EKS, or even EC2 instances.

Alternative: How to Use Amazon ECR from the AWS Management Console

If you’re more comfortable with a visual interface, the AWS Console makes it simple to create and manage your ECR repositories. Here's how to do it step-by-step:

Step 1: Sign in to AWS Console

1. Go to https://console.aws.amazon.com.
2. In the search bar, type ECR and select Elastic Container Registry.

Step 2: Create a Repository

1. Click on Repositories in the left sidebar.
2. Click the “Create repository” button.
3. Choose Private repository.
4. Enter your repository name (e.g., my-app).
5. Optional settings:
   • Tag immutability: Enable if you don’t want to overwrite image tags.
   • Scan on push: Enable for vulnerability scanning.
6. Click “Create repository”.

Now your repository is ready!

Step 3: Authenticate Docker with ECR

You’ll still need to use the CLI to authenticate Docker:

1. Click into your repository.
2. At the top right, click “View push commands”.
3. Follow the commands shown — the first one is usually the authentication command like:

aws ecr get-login-password --region your-region | docker login --username AWS --password-stdin <your-repo-uri>

Step 4: Push Docker Image (From CLI)

After authentication, follow the remaining steps from earlier (build, tag, push) using the CLI — even if you created the repository in the Console.

Step 5: View and Manage Images

1. Go to your ECR repository in the console.
2. You’ll see all the pushed image versions and tags listed.
3. You can delete, scan, or manage lifecycle policies directly from here.

Tips from Experience

• Tag Images Properly: Always use version tags (v1.0.0, latest, etc.) to avoid confusion.
• Use Lifecycle Policies: Clean up old images automatically to save storage costs.
• Set Permissions Carefully: Use IAM roles and policies to restrict access to specific repos.

Bonus: Set Up Lifecycle Policy (Optional but Recommended)

1. Open your repository.
2. Go to the “Lifecycle Policy” tab.
3. Click “Edit” and add a rule, like:
   • Delete untagged images older than 30 days.
   • Retain only the last 5 images.

This helps you avoid bloating your storage with unused images.

ECR Pricing Overview

You pay for the storage of your container images and data transfer. AWS offers 500MB of free storage per month per account, which is sufficient for testing and small apps.

Use Case at Appsolute Innovation

We use ECR as part of our CI/CD pipeline. Every merge to the main branch triggers a GitHub Action that builds a Docker image, pushes it to ECR, and deploys it via ECS. This automation has saved hours of manual effort and improved deployment reliability.

Conclusion

Amazon ECR is an essential service for managing Docker images on AWS. Whether you're deploying microservices on ECS or building serverless apps with Lambda, ECR simplifies your container image management.

If you’re just getting started, I hope this guide helps you set up and use ECR with confidence.