Ref: https://learn.cantrill.io/courses/1820301/lectures/42264147

• Summary
• Contents:

Amazon ECR - Key Concepts

• 🔧 AWS-managed container image registry service
  • Like Docker Hub, but for AWS
    • 👍 Integrated with AWS suite of products (check benefits section)
  • Images can be used by any container application (Docker, ECS, EKS…)
• ❗ Each AWS account has one public AND one private registry in ECR
  • Public = Read operations are public, Write operations require permissions
    • anyone can pull image, but push requires permissions
  • Private = Permissions required for any R/W operations
• Each registry can have many repositories
  • 💡 Like repos in a code version control system like GitHub
  • Each repo can contain many images
    • Images can have several tags
    • Image tags must be unique within the repo

Amazon ECR - Benefits

• 👍 Integrated with IAM
  • Permissions to access anything within ECR are controlled by AWS IAM
• 👍 Image scanning
  • Can scan for issues (e.g. vulnerabilities) in the OS & any SW packages within your containers → Really useful feature!
  • Works on a layer-by-layer basis
  • Two options: basic & enhanced
    • Enhanced uses Amazon Inspector
• 👍 Near-real-time metrics → CloudWatch
  • Auth, push, pull operations on any container images
• 👍 API actions logged into CloudTrail
• 👍 Events delivered to EventBridge (can form part of event-driven workflows)
• 👍 Replication of container images
  • Both cross-region AND cross-account