How can I use AWS ECR?

This tutorial demonstrates how to download a docker image from a private AWS Elastic Container Registry (ECR) and run it in Docker on a DevZero DevBox.

Template Setup #

In order to access ECR, you will need the aws cli installed, as well as Docker to run the container image. The minimal template below installs these tools:

- packagename: awscli

- script: |
   # docker install instructions from:
   apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y
   curl -fsSL | \
   gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \ $(lsb_release -cs) stable" | \
   tee /etc/apt/sources.list.d/docker.list > /dev/null
   apt-get update -y
   apt-get install docker-ce docker-ce-cli -y
   usermod -aG docker devzero 

Environment Configuration #

Once started, the environment must be configured with AWS credentials. Follow this guide to set up the AWS CLI:

Once configured, you must login to docker. From the terminal on your DevBox run, ensuring that region and aws_account_id are substituted with the region of the ECR repository and the AWS account id. You can find these values in your AWS console.

aws ecr get-login-password --region region | docker login --username AWS --password-stdin

See for more information if you have difficulty logging in.

Running the Image #

‍Now that Docker is logged into the ECR registry, you can pull down the private image. You can find the image URI in the console. In the example below a public ECR image is used but a private image will work identically.

docker pull  <image_uri>

For example:

docker pull
stable: Pulling from nginx/nginx
31b3f1ad4ce1: Pull complete
66a98d59896d: Pull complete
24c392b45f28: Pull complete
165e89c55246: Pull complete
2ffb33914b01: Pull complete
14a89ead234b: Pull complete
Digest: sha256:ba1151158efbe81cfbdae172e8998ed3423bf74c8d6d236407560ae62ccc881e
Status: Downloaded newer image for

Run the image:

docker run <image_uri>

For example:

docker run --name nginx -d

Finally, confirm the container is running:

❯ docker ps
CONTAINER ID   IMAGE                               COMMAND                  CREATED         STATUS         PORTS     NAMES
fbc5ccfa3cff   "/docker-entrypoint...."   7 seconds ago   Up 5 seconds   80/tcp    nginx

PreviousHow can I use Tailscale?
NextHow can I use AWS SQS?