Amazon Containerregistries are fully compliant with the Docker registry API that Codefresh follows.You can connect GCR like any[other Docker registry]({{site.baseurl}}/docs/docker-registries/external-docker-registries/amazon-ec2-container-registry/).

Amazon ContainerRegistries are fully compliant with the Docker registry API that Codefresh follows.Follow the instruction under[Amazon EC2 Container Registry]({{site.baseurl}}/docs/docker-registries/external-docker-registries/amazon-ec2-container-registry/) to connect.

{%

include image.html

lightbox="true"

file="/images/integrations/docker-registries/add-amazon-ecr-registry.png"

url="/images/integrations/docker-registries/add-amazon-ecr-registry.png"

alt="Connecting to ECR"

caption="Connecting to ECR"

max-width="70%"

%}

Once the registry is added you can the[standard push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/) step in pipelines. See also the documentation page for[working with Docker registries]({{site.baseurl}}/docs/docker-registries/working-with-docker-registries/).

Once the registry is added, you can use the[standard push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/) in your pipelines. See[working with Docker registries]({{site.baseurl}}/docs/docker-registries/working-with-docker-registries/) for more information.

toc:true

Go to your Account Configuration, by clicking on*Account Settings* on the left sidebar. On the first section called*Integrations* click the*Configure* button next to*Docker Registry*.

To configure ECR first select**Amazon ECR** from the new registry drop down

1. For resource-based users require permissions to call ecr:GetAuthorizationToken before they can authenticate to a registry and push or pull any images from any Amazon ECR repository, than you need provide push/pull permissions to specific registry. More information and examples can be found[here](http://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicies.html){:target="_blank"}.

{{site.data.callout.end}}

Go to your Account Configuration by clicking on*Account Settings* on the left sidebar. On the first section called*Integrations* click the*Configure* button next to*Docker Registry*.

To configure ECR, first select**Amazon ECR** from the new registry drop down

and then provided the following:

* Registry Name - unique name for this configuration.

* Region - AWS region.

* Check the Box*Resolve credentials from service account*

{{site.data.callout.callout_info}}

This option is for hybrid customers who use the Codefresh Runner on their accounts. You will also need to make sure you have set up a Kubernetes service account to use an IAM role. You can follow the[AWS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)

{{site.data.callout.end}}

There are four different levels to define the service account; Runtime, Account, Pipeline, Trigger.

The Runtime level is the lowest in the priority. You can define it in the Runtime Specification under runtimeScheduler > Cluster (same level as namespace) and specify the service account. The key for this will be`serviceAccount`. You can use the default and make sure you have the correct annotation added to the Service Account. Another option is to create a new service account with the proper permissions and annotations.

runtimeScheduler:

cluster:

namespace:codefresh

clusterProvider:

accountId:5c1658d1736122ee1114c842

selector:docker-desktop

serviceAccount:codefresh-engine

*[Building and pushing an image]({{site.baseurl}}/docs/yaml-examples/examples/build-and-push-an-image/)

- Using AWS Service Account for ECR Integration -[documentation]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/#setting-up-ecr-integration---service-account)

- New platform IP addresses -[documentation]({{site.baseurl}}/docs/administration/platform-ip-addresses/)