aws-ecr

Authenticate Docker to an ECR registry

$ aws ecr get-login-password | docker login --username AWS --password-stdin [account-id].dkr.ecr.[region].amazonaws.com

$ aws ecr create-repository --repository-name [my-repo]

$ aws ecr describe-repositories

$ aws ecr list-images --repository-name [my-repo]

$ aws ecr describe-images --repository-name [my-repo] --image-ids imageTag=[latest]

$ aws ecr batch-delete-image --repository-name [my-repo] --image-ids imageTag=[v1.0]

$ aws ecr put-lifecycle-policy --repository-name [my-repo] --lifecycle-policy-text file://[policy.json]

aws ecr command [options]

aws ecr is the AWS CLI interface for Amazon Elastic Container Registry (ECR), a fully managed Docker container registry. ECR makes it easy to store, manage, and deploy Docker container images with integration into Amazon ECS and EKS.
ECR provides private repositories with IAM-based access control, automatic image scanning for vulnerabilities, cross-region and cross-account replication, and lifecycle policies for image retention management.

get-login-password

Get authentication token for Docker login

Create a new image repository

List repository details

List images in a repository

Get detailed image information

Delete one or more images

Set image retention rules

Initiate vulnerability scanning

Get scan results

Configure cross-region replication

Authentication tokens expire after 12 hours. Image tags are mutable by default; enable tag immutability for production. Lifecycle policies run asynchronously and may take time to delete images. Image scanning must be enabled per repository or at registry level.

Amazon ECR launched in December 2015 alongside Amazon ECS. Cross-region replication was added in 2020, and enhanced scanning powered by Amazon Inspector launched in 2021. ECR Public for public container images became available in 2020.

aws(1), docker(1), aws-ecs(1), aws-eks(1)