The ECR is where you can store your Docker images for ECR. They can be stored publicly or privately and this is backed by S3. Access for your EC2 instances is determined by IAM permission privately so it is important to make sure your IAM policies are configured correctly. The ECR also supports other features such as scanning images for vulnerabilities, versioning, which is similar to S3, and image lifecycles.