
Deploying Docker Containers to AWS with ECR and ECS
When working with containerized applications, AWS provides powerful services that allow developers to build, store, and deploy Docker images with security, scalability, and flexibility in mind. Two key services in this workflow are Amazon Elastic Container Registry (ECR) and Amazon Elastic Container Service (ECS).
What is ECR?
Amazon ECR is a fully managed Docker container registry provided by AWS. It allows developers to store, manage, and deploy container images securely. ECR is similar in concept to Docker Hub, but is designed to integrate tightly with AWS services.
Unlike Docker Hub, which is public by default and only supports private repositories in paid tiers, ECR is private by default and uses AWS IAM for fine-grained access control. This makes it a better choice for enterprise-grade solutions running entirely within AWS.
Typical Use Case
You create a Docker image of your application, tag it appropriately, and push it to ECR. From there, you can reference the image from ECS or another container service within your infrastructure.
# Authenticate Docker to your ECR registry
aws ecr get-login-password | docker login --username AWS --password-stdin <your-account-id>.dkr.ecr.<region>.amazonaws.com
# Build your Docker image
docker build -t my-app .
# Tag your image with the ECR repository URI
docker tag my-app:latest <your-account-id>.dkr.ecr.<region>.amazonaws.com/my-app
# Push the image to ECR
docker push <your-account-id>.dkr.ecr.<region>.amazonaws.com/my-app
What is ECS?
Amazon ECS is a container orchestration service that makes it easy to run, stop, and manage containers on a cluster of virtual machines or in a serverless environment using AWS Fargate. ECS handles all the heavy lifting of scheduling containers, managing availability, networking, and scaling.
You can define how your containers should run using Task Definitions, which are JSON templates that describe the image, CPU and memory configuration, networking mode, IAM roles, and environment variables.
{
  "containerDefinitions": [
    {
      "name": "my-app",
      "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest",
      "memory": 512,
      "cpu": 256,
      "essential": true
    }
  ],
  "family": "my-app-task"
}
How ECR and ECS Work Together
The workflow between ECR and ECS can be summarized as follows:
- You build a Docker image and push it to Amazon ECR.
- You define a Task Definition in ECS that references that image.
- You create a Service or run a Task in ECS (Fargate or EC2-backed cluster).
- ECS pulls the image from ECR and launches containers accordingly.
Use the :latest tag with caution in production environments!
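The check below is an added example, not part of the original article. It audits a task definition's image references for the :latest caution above, flagging references that are untagged or tagged `latest`, tags that are not pinned by digest, and registries that are not ECR. The names `parse_image` and `audit_task_definition`, the finding labels, and the ECR host pattern (standard commercial-region endpoints only) are assumptions; the sample containers other than `my-app` are constructed.

```python
import json
import re

# Assumed ECR host shape: <account-id>.dkr.ecr.<region>.amazonaws.com
ECR_HOST = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")

def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A ':' after the last '/' is a tag; a ':' before it is a registry port.
    last = name.rsplit("/", 1)[-1]
    tag = last.partition(":")[2] or None
    if tag:
        name = name[: -(len(tag) + 1)]
    first, _, rest = name.partition("/")
    # The first path component is a registry only if it looks like a host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest or None
    return None, name, tag, digest or None

def audit_task_definition(task_def):
    """Return (container, image, finding) tuples for risky image references."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        image = c.get("image", "")
        registry, _, tag, digest = parse_image(image)
        if digest is None:
            if tag is None or tag == "latest":
                # No tag means Docker resolves the reference to :latest.
                findings.append((c.get("name"), image, "mutable-latest"))
            else:
                # A tag can be repointed unless the repo enforces immutability.
                findings.append((c.get("name"), image, "tag-not-digest"))
        if registry is None or not ECR_HOST.match(registry):
            findings.append((c.get("name"), image, "non-ecr-registry"))
    return findings

# Constructed sample: the article's container plus two made-up ones.
ECR = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
SAMPLE = json.loads(json.dumps({"family": "my-app-task", "containerDefinitions": [
    {"name": "my-app", "image": ECR + "/my-app:latest"},
    {"name": "sidecar", "image": "localhost:5000/proxy"},
    {"name": "pinned", "image": ECR + "/my-app@sha256:" + "0" * 64},
]}))

if __name__ == "__main__":
    for name, image, finding in audit_task_definition(SAMPLE):
        print(f"{finding:18} {name:8} {image}")
```

Run against a task definition file in CI before it is registered, and fail the build on any finding you do not accept for production.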
ECR vs Docker Hub: Key Differences
- Security: ECR uses IAM for access control. Docker Hub uses user credentials or tokens.
- Integration: ECR integrates natively with ECS, CodePipeline, and other AWS services.
- Performance: ECR is regionally available, reducing image pull time within the same AWS region.
- Pricing: ECR has predictable pricing with data transfer costs; Docker Hub offers a limited free tier.
Conclusion
If you're already using AWS for your infrastructure, adopting ECR and ECS makes container management much more efficient and secure. It simplifies the DevOps workflow, especially when deploying microservices, serverless containers, or CI/CD pipelines using AWS CodePipeline and CodeBuild.
