Amazon ECR Pulling an Image
By: Date: 04/04/2022 Categories: AWS,AWScommunity Tags:

To run a Docker image that is available in Amazon ECR, you can pull it to your local environment with the docker pull command.

  1. From an EC2 instance/Workstation, run the below command as mentioned here [1] to install AWS CLI


      curl “” -o “”


      sudo ./aws/install


      You would also need ‘unzip’ package to install using this command ‘apt-get install unzip’ before running the above commands

  2. Install docker as mentioned here [2] and start the service using this command ‘service docker start’

sudo apt-get update

$ sudo apt-get install \

    ca-certificates \

    curl \

    gnupg \


curl -fsSL | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
 $ sudo apt-get install docker-ce docker-ce-cli

  3. Since you were performing these steps from an EC2 instance, we made sure that the instance role attached[3] to it had the below permissions to pull the ECR images and copy it to S3 bucket





      Note: Once you’re done with this, I would recommend detaching these policies as they give full access to your EC2 instance to S3 bucket & ECR registry

  4. Once you’ve the above setup done, then follow the below instructions mentioned here [4][5] to authenticate and pull images from ECR


      aws ecr get-login-password –region region | docker login –username AWS –password-stdin <aws_account_id>.dkr.ecr.<region>

      docker pull <aws_account_id><ecr_repo_name>:<image_tag>


  5. Once you have the image, run the below command to save it to a tar using below ‘docker save'[6] command


      docker save <aws_account_id><ecr_repo_name>:<image_tag> > <image_name>.tar


  6. Copy this tar ball to a S3 bucket using the below ‘aws s3 cp'[7] command


      aws s3 cp <image_name>.tar s3://<s3_bucket_name>


  7. Once the tar ball is uploaded to S3, download[8] it to your local machine and run the below ‘docker load'[9] command on your powershell to load the image from the tar archive


Copy the docker image .tar file in C:\temp

      docker load –input <image_name>.tar


  8. Run the below commands to confirm the image and also rename it to the name you desire


      docker images

      docker tag <aws_account_id><ecr_repo_name>:<image_tag> <desired_image_name>:<image_tag>

Read more: Amazon ECR