Amazon EC2 announced today that their Container Registry (ECR) is now generally available. A blog that details the service and its components can be found here.
Like other container registries, Amazon ECR is a fully-managed Docker registry that makes it easy for developers to store, manage, and deploy Docker container images.
AWS is one of the primary destinations for companies to run their Docker containers. However, without a registry on AWS, users had to run a private Docker image registry or rely on 3rd-party registries. When you have to handle large-scale deployments or share images, it’s a hassle to say the least. Another challenge was that users needed to maintain separate credentials for a container registry outside Amazon while also managing Amazon credentials for deploying the containers. This impacts workflows and adds unnecessary complexity.
Amazon’s announcement today was designed to eliminate these barriers and allow users a more seamless, end-to-end experience for container computing on EC2. With ECR, a user can now host container images in an integrated way with the rest of the EC2 platform. For example, ECR allows customers to use existing AWS IAM credentials and policies to control access to images. In addition, ECR provides high availability and scalability as part of its architecture, allowing users to focus on application-level logistics.
Users will be happy to know that ECR also supports Docker CLI, so you can easily push your container images to Amazon ECR from your development machine, and Amazon ECS can pull them directly for production deployments. This makes the process of storing, managing, and deploying Docker containers on AWS a seamless experience for AWS users.
Amazon ECR uses HTTPS to transfer images to the registry, and stored images are encrypted at rest in S3. In addition, Amazon has announced a partnership with Twistlock to provide vulnerability scanning of images stored within ECR. Amazon writes in their launch blog: “This makes it even easier for developers to evaluate potential security threats before pushing to Amazon ECR and allows developers to monitor their containers running in production.”
Many of Twistlock’s customers are already using AWS for its innovative and proven cloud capabilities, and ECR makes it easier than ever to use AWS. For this integration, Twistlock is integrated with ECR to scan images uploaded to the registry. More specifically, Twistlock has enabled AWS users to use Amazon IAM credentials to access Twistlock services, regardless of where they’ve deployed Twistlock. So the minute a new image appears in your registry, you can configure Twistlock services to scan it for vulnerabilities before it’s deployed in production.
In addition to image scanning, Twistlock’s customers are already using Twistlock technologies to secure running containers in AWS. The ECR announcement made full lifecycle protection for containers seamless. Twistlock’s CTO John Morello said: “This announcement helps our customers protect all their images across all the potential places they’re stored, from private clouds to public clouds and everywhere in between.”
Amazon is the latest platform provider to come to market with its own Docker registry. Google Cloud Platform announced their Container Registry in November. Docker, of course, runs its very popular Docker Hub. For users that have a hybrid, multi-cloud strategy, having different registry choices to store images is a good thing, as different applications may be amenable to different cloud platforms.
For users interested in more details on ECR, you can read Amazon’s launch blog here.
Twistlock also published a blog detailing the integration with ECR, and here is a video that shows how the integration works.