This lab is currently in Beta, content may be updated as we refine the material
LABINTERMEDIATE

ECR Image Build and Lifecycle

Build and push a Docker image to Amazon ECR with scan-on-push, manage tags, apply a lifecycle policy, and configure cross-region replication.

45 minutes
aws/devops
ECR Image Build and Lifecycle - Platform Engineering Hands-On Lab Icon

Lab Overview

In this lab you'll operate Amazon ECR end-to-end like a DevOps engineer. You'll create an ECR repository with tag immutability and scan-on-push, build a small Dockerfile-based image and push two tagged versions, view the vulnerability scan results, apply a lifecycle policy that deletes untagged images older than 7 days while keeping the last 10 tagged images, and configure a same-account cross-region replication rule so the image is copied to a target region.

You will:

  • Create a private ECR repository with `IMMUTABLE` tag mutability and scan-on-push enabled
  • Authenticate Docker to ECR, build a tiny Alpine-based image, and push `:v1` and `:v2`
  • Inspect ECR scan findings via the CLI
  • Attach a JSON lifecycle policy with two rules (untagged > 7 days, keep last 10 tagged)
  • Configure a cross-region replication rule (us-east-1 to us-west-2) and verify the replica

This lab uses the `ubuntu2024` image and the standard hardened TeKanAid AWS lab IAM policy with ECR access added. Docker is installed automatically by the setup script.

What You'll Learn

Create a private ECR repository with tag immutability and scan-on-push

Authenticate Docker to ECR and push multi-tag container images

Inspect ECR vulnerability scan findings via the AWS CLI

Author and apply an ECR lifecycle policy using JSON rules

Configure a cross-region ECR replication rule and verify replicated images

Prerequisites

basic-docker-familiarity

aws-cli-familiarity

aws-devops-cli-operations-baseline

Technologies Covered

awsecrdockercontainersimage-scanninglifecycle-policyreplicationdop-c02

Part of a Course

This lab is part of the AWS Certified DevOps Engineer - Professional (DOP-C02) course

View All Courses

Choose your plan

Simple, Transparent Pricing

Unlock full access to TeKanAid courses, labs, and bootcamps

Buying for a team? Private corporate training is available for up to 15 learners.View team training
MonthlyQuarterly

Pro

Course content without labs

$59/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Full access to all courses
  • Progress tracking
  • Certificate of completion
  • Community access
  • Bootcamp participation
  • New content access
Recommended

Premium

Full access with hands-on labs

$99/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Everything in Pro
  • Unlimited hands-on labs
  • Lab AI Assistant
  • Accelerator bootcamps with live office hours
  • Priority support
Get Access Now

Prefer a single course?

Purchase individual courses for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.

Browse Courses

Try it free, no credit card

Three free ways to start. All bridge into the paid Premium catalog when you're ready.

▶ Start with free courses and labs🧩 Solve your first free puzzle📧 Get the free 7-day crash course

Not ready to commit? The crash course is email-only. No academy account required.

Ready to Get Started?

Start this hands-on lab and build real-world Platform Engineering skills

Get Access Now