Skip to main content
Welcome — in this lesson we create an Amazon ECR (Elastic Container Registry) repository and review how to prepare images for pushing from your local machine or a CI pipeline. Before you begin, sign in to the AWS Management Console and confirm you are operating in the correct AWS region used by this lesson: eu-central-1 (Frankfurt). In the Console search bar, type “ECR” and select Elastic Container Registry. ECR provides Docker-compatible container image repositories hosted in AWS (similar to Docker Hub, but managed inside your AWS account).
  1. Click Get started.
  2. Choose the repository visibility. Most organization images should be kept private — leave the default Private repository.
  3. Give the repository a name. In this lesson we use cryptoproject.
  4. Leave the remaining settings at their defaults. (Enabling “Scan on push” is recommended for production images; see the warning below.)
  5. Click Create repository.
The image shows the "Create repository" page on the Amazon Elastic Container Registry (ECR) console, displaying options for setting visibility, repository name, and image scan settings.
Once the repository is created it appears in your account and will store all images for this application. Locate the repository URI in the repository details — this fully qualified endpoint is used to tag and push images. Example format: <ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<REPOSITORY_NAME> For example: 012345678901.dkr.ecr.eu-central-1.amazonaws.com/cryptoproject
The image shows an AWS Elastic Container Registry (ECR) interface with a private repository named "cryptoproject" displayed. The repository details include its URI, creation date, and encryption type.
Commands to authenticate Docker to ECR, tag a local image, and push it to your ECR repository. Replace the placeholders with values from your account:
For easier reuse in scripts and CI, replace the account and region with variables (example):
Ensure your AWS CLI is configured with credentials that have the required ECR permissions. Typical actions needed when pushing images include: ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability, ecr:InitiateLayerUpload, ecr:UploadLayerPart, ecr:CompleteLayerUpload, and ecr:PutImage. Also verify your CLI region matches the repository’s region.
Permissions summary
For production images, enable “Scan on push” to automatically scan images for vulnerabilities. Also follow the principle of least privilege for credentials used by CI systems; prefer short-lived credentials or IAM roles where possible.
Next steps
  • Build your Docker image locally (for example, docker build -t my-local-image .) and then follow the tag/push steps above.
  • Or automate image builds and pushes from your CI pipeline (examples: AWS CodePipeline, GitHub Actions, GitLab CI). Configure the CI runner with appropriate IAM permissions or use an IAM role attached to the build environment.
Links and references

Watch Video