Summary

In this chapter, you learned how to create and manage ECR repositories that you can use to store your Docker images securely and privately. After creating your first ECR repository, you learned how to authenticate to ECR using the AWS CLI and Docker client, and then successfully tagged and published your Docker image to ECR.

With your Docker image published, you then learned about the various scenarios in which Docker clients may need to access your repository: ECS container instance access from the same account as your ECR repository, ECS container instance access from a different account than your ECR repository (that is, cross-account access), and finally granting access to AWS services such as CodeBuild. You created ECR resource policies, which are required when configuring cross-account access and when granting access to AWS services, and you learned that even when an ECR resource policy in the central account defines a remote account as trusted, you still need to create IAM policies in each remote account that explicitly grant access to your central account repositories.
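The two halves of cross-account access described above, as an added example that is not part of the chapter: it builds the ECR repository policy for the central account and the matching IAM policy for the remote account, and a simplified check shows that a pull is only authorized when both policies allow it. The account IDs, region, repository name and the `cross_account_pull_allowed` helper are constructed for illustration; the check models Allow statements only, not Deny statements or action wildcards.

```python
import json

# Constructed placeholder values for this example (not from the chapter).
CENTRAL_ACCOUNT = "111111111111"   # account that owns the ECR repository
REMOTE_ACCOUNT = "222222222222"    # account whose ECS instances pull the image
REPO_ARN = f"arn:aws:ecr:us-east-1:{CENTRAL_ACCOUNT}:repository/my-app"
PULL_ACTIONS = ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer"]


def repository_policy(remote_account):
    """ECR resource policy set in the central account; trusts the remote account.
    A repository policy has no Resource element: it applies to this repository."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCrossAccountPull", "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{remote_account}:root"},
        "Action": PULL_ACTIONS}]}


def remote_iam_policy(repo_arn):
    """IAM identity policy attached in the remote account (e.g. to the ECS instance
    role). GetAuthorizationToken is account-wide and only accepts Resource '*'."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow", "Action": PULL_ACTIONS, "Resource": repo_arn}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def cross_account_pull_allowed(repo_policy, iam_policy, remote_account, repo_arn, action):
    """Simplified model (constructed helper) of cross-account authorization: the
    request succeeds only if the repository policy trusts the remote account AND
    the remote account's IAM policy grants the action on the repository."""
    trusted_principals = {f"arn:aws:iam::{remote_account}:root", remote_account}
    resource_ok = any(
        s["Effect"] == "Allow" and action in _as_list(s["Action"])
        and trusted_principals & set(_as_list(s.get("Principal", {}).get("AWS", [])))
        for s in repo_policy["Statement"])
    identity_ok = any(
        s["Effect"] == "Allow" and action in _as_list(s["Action"])
        and any(r in ("*", repo_arn) for r in _as_list(s["Resource"]))
        for s in iam_policy["Statement"])
    return resource_ok and identity_ok


if __name__ == "__main__":
    print(json.dumps(repository_policy(REMOTE_ACCOUNT), indent=2))
    print(json.dumps(remote_iam_policy(REPO_ARN), indent=2))
    # The resource policy alone is not enough: an empty identity policy still fails.
    print(cross_account_pull_allowed(repository_policy(REMOTE_ACCOUNT),
          {"Version": "2012-10-17", "Statement": []}, REMOTE_ACCOUNT, REPO_ARN,
          "ecr:BatchGetImage"))
```

The printed JSON documents are the shapes you would pass to `aws ecr set-repository-policy` in the central account and attach as an IAM policy in the remote account.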

Finally, you created ECR lifecycle policy rules that allow you to automatically and periodically remove untagged (orphaned) Docker images, which helps to reduce your storage costs. In the next chapter, you will learn how to build and publish your own custom ECS container instance Amazon Machine Images (AMIs), using a popular open source tool called Packer.