TECH_COMPARISON
ECR vs Docker Hub vs GHCR: A Detailed Comparison for System Design
Compare ECR, Docker Hub, and GitHub Container Registry for image storage — covering pricing, access control, CI/CD integration, and more.
ECR vs Docker Hub vs GHCR
Amazon ECR, Docker Hub, and GitHub Container Registry (GHCR) are the three most popular container image registries. ECR integrates with AWS. Docker Hub is the default public registry. GHCR integrates with GitHub. Each excels in its ecosystem.
Registry Architectures
Amazon ECR
ECR is a fully managed registry within AWS. Private repositories use IAM for authentication — no separate credentials needed for ECS, EKS, or Lambda. Image lifecycle policies automatically clean old images. Cross-region replication keeps images close to multi-region deployments. ECR Public provides a gallery for open-source images.
Docker Hub
Docker Hub is the original and largest container registry. When you docker pull nginx, it comes from Docker Hub. The free tier includes unlimited public repos and one private repo. Paid plans ($5-25/month per seat) add more private repos and teams. The rate limit (100 pulls/6hr for anonymous users) is the biggest operational concern.
GitHub Container Registry (GHCR)
GHCR stores container images alongside your code on GitHub. Packages link to repositories. GitHub Actions can build and push without external credentials. Org-level permissions follow your existing GitHub team structure. Public packages are free with unlimited bandwidth.
Rate Limits and Availability
Docker Hub's rate limits have caused widespread CI/CD pipeline failures. ECR and GHCR have no such limits for authenticated users. This alone drives many organizations to mirror base images from Docker Hub into ECR or GHCR.
For reliable CI/CD pipelines, depending on Docker Hub without a mirror or cache is risky.
Cost Comparison
ECR charges $0.10/GB/month for storage plus data transfer. GHCR charges based on GitHub plan storage. Docker Hub's paid plans are per-seat. For small teams, GHCR or Docker Hub free tiers work well. For AWS-heavy organizations, ECR's cost is justified by integration value.
System Design Perspective
In system design interviews, container registry choice affects deployment architecture. ECR for AWS-native systems, GHCR for GitHub-native CI/CD, Docker Hub for public distribution. See also: container deployment patterns and infrastructure decisions.
GO DEEPER
Master this topic in our 12-week cohort
Our Advanced System Design cohort covers this and 11 other deep-dive topics with live sessions, assignments, and expert feedback.