Amazon ECR private registry - Amazon ECR
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon ECR private registry

An Amazon ECR private registry hosts your container images in a highly available and scalable architecture. You can use your private registry to manage private image repositories consisting of Docker and Open Container Initiative (OCI) images and artifacts. Each Amazon account is provided with a default private Amazon ECR registry. For more information about Amazon ECR public registries, see Public registries in the Amazon Elastic Container Registry Public User Guide.

Private registry concepts

  • The URL for your default private registry is

  • By default, your account has read and write access to the repositories in your private registry. However,users require permissions to make calls to the Amazon ECR APIs and to push or pull images to and from your private repositories. Amazon ECR provides several managed policies to control user access at varying levels. For more information, see Amazon Elastic Container Registry Identity-based policy examples.

  • You must authenticate your Docker client to your private registry so that you can use the docker push and docker pull commands to push and pull images to and from the repositories in that registry. For more information, see Private registry authentication.

  • Private repositories can be controlled with both user access policies and repository policies. For more information about repository policies, see Private repository policies.

  • The repositories in your private registry can be replicated across Regions in your own private registry and across separate accounts by configuring replication for your private registry. For more information, see Private image replication.