A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker looks for images on Docker Hub by default. You can even run your own private registry. When you use the docker pull or docker run commands, Docker pulls the required images from your configured registry. When you use the docker push command, Docker pushes your image to your configured registry.
It is the central source of truth in your CI/CD pipeline. In a professional AWS-based workflow, the registry acts as the bridge between your GitHub Actions (where the image is built) and AWS App Runner or ECS (where the image is deployed).
At its core, a registry is a stateless, highly scalable server-side application that stores and lets you distribute Docker images.
Registry: The entire hosting service (e.g., Docker Hub, Amazon ECR, Google Container Registry).
Repository: A collection of different versions of the same image (e.g., my-node-app).
Tag: The specific version of the image (e.g., v1.0.2, latest, or a git commit hash).
The full path usually looks like: registry-url/project-name/repository-name:tag.
Public Registries (The Library): Docker Hub, GitHub Packages (GHCR)
Private Registries: Amazon ECR (Elastic Container Registry), Self-Hosted (Harbor/Nexus)
Login: The client authenticates (e.g., aws ecr get-login-password).
Tagging: You must tag your local image with the registry's URL: docker tag my-app:latest <account_id>.dkr.ecr.us-east-1.amazonaws.com/my-app:v1
Push: The client uploads the image layers. Only new or changed layers are uploaded, saving bandwidth.
Pull: The production server (AWS ECS) pulls the image using the same URI to start the container.