Containers
Amazon ECR
Private Docker container registry.
Overview
Amazon Elastic Container Registry (ECR) stores, scans (basic scanning, or enhanced scanning via Amazon Inspector), and serves OCI images, with access controlled through IAM.
When to use it
- Hosting images consumed by ECS/EKS/Lambda
- Vulnerability scanning in CI
Setup
- Create a repository.
- Authenticate Docker: `aws ecr get-login-password | docker login --username AWS --password-stdin <acct>.dkr.ecr.<region>.amazonaws.com`.
- Enable Scan on Push.
How to use
Push
```bash
docker tag my-app:latest <acct>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest
docker push <acct>.dkr.ecr.us-east-1.amazonaws.com/my-app:latest
```
QA use cases
- Fail the QA pipeline if ECR scan reports HIGH/CRITICAL CVEs on the image under test.
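
One way to implement that gate with the AWS CLI, as an added example rather than code from the original page. It assumes basic scanning with Scan on Push and configured AWS credentials. The function name `ecr_scan_gate` and its return codes are this example's own.

```shell
#!/bin/sh
# Added example: gate a pipeline stage on the ECR scan of the image under test.
# Return codes are this example's own convention:
#   0 = no HIGH/CRITICAL findings, 1 = findings present, 2 = no usable result.
ecr_scan_gate() {
  repo=$1; tag=$2

  # Block until the scan started by Scan on Push finishes. The waiter returns
  # non-zero when the scan fails or times out, so the gate fails closed.
  if ! aws ecr wait image-scan-complete \
        --repository-name "$repo" --image-id imageTag="$tag"; then
    echo "scan of $repo:$tag did not complete" >&2
    return 2
  fi

  # Text output: "<status> <critical> <high>"; a missing count prints as None.
  # --no-paginate fetches a single page so the text output is exactly one line.
  out=$(aws ecr describe-image-scan-findings --no-paginate \
        --repository-name "$repo" --image-id imageTag="$tag" \
        --query '[imageScanStatus.status, imageScanFindings.findingSeverityCounts.CRITICAL, imageScanFindings.findingSeverityCounts.HIGH]' \
        --output text) || return 2
  set -- $out
  status=${1:-}; critical=${2:-None}; high=${3:-None}
  case $critical in None) critical=0 ;; esac
  case $high in None) high=0 ;; esac

  # Anything other than a completed scan is treated as "no result", not "clean".
  if [ "$status" != "COMPLETE" ]; then
    echo "scan status for $repo:$tag is '${status:-unknown}', not COMPLETE" >&2
    return 2
  fi
  echo "$repo:$tag CRITICAL=$critical HIGH=$high"
  if [ "$critical" -gt 0 ] || [ "$high" -gt 0 ]; then
    return 1
  fi
  return 0
}

# Script entry point: ./ecr_scan_gate.sh my-app latest
if [ "$#" -eq 2 ]; then
  ecr_scan_gate "$1" "$2"
  exit $?
fi
```

Run it as a pipeline step after `docker push`; any non-zero exit fails the stage, including the case where no completed scan result is available.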
