Amazon ECR
Elastic Container Registry - Store and manage Docker images
💵 Cost: ECR is very affordable - $0.10/GB/month storage. A typical Next.js image (300MB) storing 10 versions costs <$1/month. Set up lifecycle policies to auto-delete old images and minimize costs.
What is ECR?
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry. It stores, manages, and deploys your Docker images so that ECS and other services can pull them when running containers.
Think of it as...
ECR is like Docker Hub, but private and integrated with AWS. Your images are stored securely and can only be accessed by services in your AWS account (or accounts you explicitly allow).
Why Use ECR?
- Private Registry: Your images are not publicly accessible
- AWS Integration: Seamless authentication with IAM
- High Availability: Images replicated across multiple AZs
- Security Scanning: Automatic vulnerability detection
- Lifecycle Policies: Automatically clean up old images
ECR Concepts
| Concept | Description |
|---|---|
| Registry | Your private registry URL: 123456789.dkr.ecr.region.amazonaws.com |
| Repository | A collection of related images (like a project folder) |
| Image | A specific version of your container, identified by tag or digest |
| Tag | Human-readable label like latest, v1.0.0, or abc123 |
If you want to push images manually (Copilot does this automatically):
Step 1: Authenticate Docker with ECR
Terminal
$aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.ap-southeast-1.amazonaws.com
Login Succeeded
Step 2: Create a Repository
Terminal
$aws ecr create-repository --repository-name my-app --region ap-southeast-1
{
"repository": {
"repositoryUri": "123456789.dkr.ecr.ap-southeast-1.amazonaws.com/my-app",
"registryId": "123456789"
}
}Step 3: Tag and Push Your Image
Terminal
$docker tag my-app:latest 123456789.dkr.ecr.ap-southeast-1.amazonaws.com/my-app:latest
docker push 123456789.dkr.ecr.ap-southeast-1.amazonaws.com/my-app:latest
The push refers to repository [123456789.dkr.ecr.ap-southeast-1.amazonaws.com/my-app] abc123: Pushed def456: Pushed latest: digest: sha256:... size: 1234
Copilot Handles This
When using AWS Copilot, you never need to run these commands manually. Copilot creates the repository, builds your image, and pushes it automatically during
copilot deploy.Pricing
- Storage: $0.10 per GB per month
- Data Transfer: Free within same region, standard rates for cross-region
A typical Next.js app image is 200-500MB. With lifecycle policies keeping 10 images, expect costs under $1/month.