Push a Docker image to Amazon Elastic Container Registry (ECR)

Reference commands for creating and pushing repositories on ECR.
# e.g. 000000000000 (12 digits).
# e.g. us-east-1.
# e.g. debian.

Create an ECR repository using CLI

aws ecr create-repository \
    --repository-name "$repo_name" \
    --region "$aws_region"

Alternatively, here’s how to delete a test repository from the CLI.

aws ecr delete-repository \
    --repository-name "$repo_name" \
    --region "$aws_region" \

Docker login

Click “View push commands” in the top right.

Retrieve the login command to use to authenticate your Docker client to your registry.

Using an Authorization Token

An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.

CLI v2

Note that there are currently some issues with CLI v2: https://github.com/aws/aws-cli/issues/4962

For more information, see Registry Authentication in the Amazon Elastic Container Registry User Guide.

This currently works:

password="$( \
    aws ecr get-authorization-token \
        --region "${aws_region}" \
        --output text \
        --query 'authorizationData[].authorizationToken' \
        | base64 -d \
        | cut -d: -f2 \
echo "$password" \
    | docker login \
        --password-stdin \
        --username AWS \

The default recommended approach currently isn’t working for me:

aws ecr get-login-password \
    | docker login \
        --password-stdin \
        --username AWS \

CLI v1 (deprecated)

eval "$( \
    /usr/bin/aws ecr get-login \
        --no-include-email \
        --region "$aws_region" \

Build and push to ECR

Refer to the Docker basics guide for instructions.

Note that I’m currently using Dockerfiles extending my Acid Genomics images available publicly on DockerHub.

docker build -t "$repo_name" .
docker images --filter reference="$repo_name"
docker tag "$repo_name" "$repo_url"
docker push "$repo_url"

See also: