I stumbled up on this issue recently while setting up GHA and switched to AWS EC...

bityard · 2025-02-21T14:00:26 1740146426

This is using AWS ECR as a proxy to docker hub, correct?

Edit: Not exactly, it looks like ECR mirrors docker-library (a.k.a. images on docker hub no preceded by a namespace), not all of Docker Hub.

Edit 2: I think the example you give there is misleading, as Ubuntu has its own namespace in ECR. If you want to highlight that ECR mirrors docker-library, a more appropriate example might be `docker pull public.ecr.aws/docker/library/ubuntu`.

mdaniel · 2025-02-21T16:10:33 1740154233

I can tell you with 100% certainty that ECR definitely has limits, just not "screw you" ones like the blog post. So, while I do think switching to public.aws.ecr/docker/library is awesome, one should not make that switch and then think "no more 429s for me!" because they can still happen. Even AWS is not unlimited at anything

cmeacham98 · 2025-02-21T16:32:21 1740155541

Disclaimer: I work for Amazon, but not on ECR or ECR Public.

The rate limit for unauthenticated pulls is 1/second/IP, source: https://docs.aws.amazon.com/general/latest/gr/ecr-public.htm...

hereonout2 · 2025-02-21T18:07:33 1740161253

Weirdly we just this week came across docker hub limiting our pulls from a CI job in AWS.

Not something we'd encountered before but seems earlier than these changes are meant to come into effect.

We've cloned the base image into ECR now and are deriving from there. This is all for internal authenticated stuff though.