AWS::ECR::Repository

  • A private container registry (for a public one see AWS::ECR::PublicRepository)
  • Integrated with IAM, ECS & EKS
  • For EKS Worker Nodes to be able to reach ECR, the policy AmazonEC2ContainerRegistryReadOnly must be set up for the node group
  • All container images are backed by S3
  • Docker images with the same content but different tags are considered the same image

ECR

Terminology

  • Registry: there is one per region. It is not a resource; it is where you create the repositories
  • Repository: a repository should contain container images of the same project (e.g., alpine linux)
  • Repository Policy: controls access to the repository and its images
  • Authorization Token: token generated by ECR to be used in the Docker CLI
  • Image: a container image

Billing

  • Pay for the amount you store and data transferred to the internet

Properties

Type: AWS::ECR::Repository
Properties:
  EmptyOnDelete: Boolean
  EncryptionConfiguration:
    EncryptionConfiguration
  ImageScanningConfiguration:
    ImageScanningConfiguration
  ImageTagMutability: String
  LifecyclePolicy:
    LifecyclePolicy
  RepositoryName: String
  RepositoryPolicyText: Json
  Tags:
    - Tag

ImageTagMutability

  • When tag immutability is turned on for a repository, tags are prevented from being overwritten.
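
The template below is an added example, not part of the original notes: it sets a repository that leaves ImageTagMutability at its default beside one that turns immutability on, and fills in the other properties listed above. The repository names, the account ID 111122223333, and the role name are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - mutable vs immutable ECR repositories

Resources:
  # Weak: ImageTagMutability is omitted, so it defaults to MUTABLE and a tag
  # such as "v1.0" can be pushed again later pointing at different content.
  MutableRepo:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: example/app-mutable   # placeholder name

  # Corrected: a tag cannot be overwritten once it has been pushed.
  ImmutableRepo:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: example/app           # placeholder name
      ImageTagMutability: IMMUTABLE
      EmptyOnDelete: false                  # refuse deletion while images remain
      ImageScanningConfiguration:
        ScanOnPush: true
      EncryptionConfiguration:
        EncryptionType: KMS                 # AWS managed key when KmsKey is omitted
      # Pull-only access for one role; no push or delete actions are granted.
      RepositoryPolicyText:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowPullOnly
            Effect: Allow
            Principal:
              AWS: arn:aws:iam::111122223333:role/example-node-role  # placeholder
            Action:
              - ecr:BatchCheckLayerAvailability
              - ecr:GetDownloadUrlForLayer
              - ecr:BatchGetImage
      # Expire untagged images 14 days after push.
      LifecyclePolicy:
        LifecyclePolicyText: |
          {
            "rules": [{
              "rulePriority": 1,
              "description": "Expire untagged images after 14 days",
              "selection": {
                "tagStatus": "untagged",
                "countType": "sinceImagePushed",
                "countUnit": "days",
                "countNumber": 14
              },
              "action": { "type": "expire" }
            }]
          }
```

With IMMUTABLE set, a pipeline that pushes a tag that already exists (for example a floating "latest") has that push rejected, so each build needs a unique tag.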