Private registry settings in Amazon ECR - Amazon ECR
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Private registry settings in Amazon ECR

Amazon ECR uses private registry settings to configure features at the registry level. The private registry settings are configured separately for each Region. You can use private registry settings to configure the following features.

  • Registry permissions – A registry permissions policy provides control over the replication and pull through cache permissions. For more information, see Private registry permissions in Amazon ECR.

  • Pull through cache rules – A pull through cache rule is used to cache images from an upstream registry in your Amazon ECR private registry. For more information, see Sync an upstream registry with an Amazon ECR private registry.

  • Replication configuration – The replication configuration is used to control whether your repositories are copied across Amazon Web Services Regions or Amazon Web Services accounts. For more information, see Private image replication in Amazon ECR

  • Repository creation templates – A repository creation template is used to define the standard settings to apply when new repositories are created by Amazon ECR on your behalf. For example, repositories created by a pull through cache action, create on push, or replication. For more information, see Templates to control repositories created during a pull through cache, create on push, or replication action.

  • Scanning configuration – By default, your registry is enabled for basic scanning. You may enable enhanced scanning which provides an automated, continuous scanning mode that scans for both operating system and programming language package vulnerabilities. For more information, see Scan images for software vulnerabilities in Amazon ECR.

  • Pull-time update exclusion – You can configure pull-time update exclusions to prevent the last pull time from being updated for specific images when they are pulled. This is useful for images that are used for testing or CI/CD purposes where you don't want the pull time to affect lifecycle policy decisions. For more information, see Pull-time update exclusions.