By default, Docker pushes its images to Docker Hub.
While Docker Hub is a great way to share both your public and private images, you may find the rest of your infrastructure on one of the prominent cloud providers.
In this instance, you are using many of the other AWS resources, so why not use Elastic Container Registry – or ECR for short – instead?
In this guide, we will replace
<region> with your desired region in AWS. That could look something like
In my example, I will use
eu-west-2, also known as
How to create an AWS ECR Repository
Head over to your AWS Console and find the ECR Respositories:
We will now give our repository a name; this name will align with our local docker image name for simplicity sake:
Other than making sure to select
Private for our repository, we will leave all other settings to default and click
Create repository to complete.
Private will make sure that only permitted, authenticated users will have access to our image. We could have selected
Public if we wanted to share it with the world instead.
We can now see that it successfully created our new repository for us:
How to view your local Docker images
docker images command will provide a list of all your local images.
For this guide, it is important to take note of the
IMAGE ID column, and see the appropriate hashed value for each image available.
REPOSITORY TAG IMAGE ID CREATED SIZE
my_app latest 55cad0ef9c49 4 hours ago 381MB
Take note that the repository name is the same as what we called it in AWS ECR. This does not need to be the same but is useful to help us if we have a large number of images to manage
Login Docker to use AWS ECR
Much like running
docker login will authenticate against Docker Hub, a similar command will help you login to AWS ECR to authenticate your docker images to.
Run the following command to login to AWS ECR with docker:
The Old Way (deprecated):
$(aws ecr get-login--region <region>)
This will tell Docker to login to AWS ECR for us using a token. To see what happens at this step, run the command without the
$() prefix and suffix (remembering to swap out for your
aws ecr get-login --region <region>
This will yield a result back in your terminal; something like:
docker login -u AWS -p eyls...<REDACTED>...zcQ== -e none https://2133xxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com
Note: If you ran the command and got an error like
unknown shorthand flag: 'e' in -e, then simply remove this
-e none and run the command again.
This will successfully login and associate your Docker remote to AWS ECR.
The New Way (recommended):
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
How to tag your image
Now you are all setup and you can tag your image.
If we run
docker images again, we can see that our
IMAGE ID for the
my_app repository is
So let’s combine this into our command we need to run:
docker tag 55cad0ef9c49 2133xxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com/my_app
Note: Remember to specify your aws_account_number as well as aws_region and repository_name in the above command. (I simply copied this from the
Private repository page directly.
Now if I re-run the
docker images command, I will have a new entry at the top:
REPOSITORY TAG IMAGE ID CREATED SIZE
2133xxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com/my_app latest 55cad0ef9c49 4 hours ago 381MB
How to push my image to AWS ECR
Now the only step left, is to push our tagged image to our newly created repository.
docker push 2133xxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com/my_app
We should now see the image being pushed up to AWS ECR!
Using default tag: latest
The push refers to repository [2133xxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com/my_app]
2e6d5f7b1f40: Pushing [===============================> ] 35.62MB/56.1MB
d8db330382da: Pushing [======> ] 38.3MB/319.2MB
When this has completed, we will see a completion message in our CLI:
latest: digest: sha256:2579d..<REDACTED>..aa0e47e size: 953
We can also return to the AWS Console and see our image in our repository: