Amazon Web Services Inc. is planning to create its own public container image registry in response to Docker Inc.’s decision to impose pull rate limits on Docker Hub.

The public cloud infrastructure provider has also posted some advice on how customers can avoid their application deployments breaking because of the limits.

The Docker Hub is a public repository of container images that are used to host the components of cloud-based applications. The vast majority of developers don’t create containers for common applications they use, such as Apache Web Server or MySQL DBMS, but instead pull one from Docker hub or another repository and start running it immediately.

So in most cases, production software chains consist of downloading a popular container image, running it for a short time, and then dumping it. When they need to use an application again they just repeat the process.

That’s all well and good, except that Docker has said it’s struggling with a small number of users that are having an “outsized impact,” with roughly 30% of all container image downloads coming from just 1% of anonymous or free users. Because bandwidth isn’t free, Docker said, it will try to stop that small group from hogging it all by imposing pull rate limits on free and anonymous Docker Hub users.

This started on Nov. 2, and anonymous and free users are now limited to 5,000 Docker Hub pulls every six hours. Eventually, this limit will be reduced further, to just 100 pulls per six hours for anonymous users, and 200 per six hours for free users.

“Our customers should expect some of their applications and tools that use public images from Docker Hub to face throttling errors,” said AWS technical product manager Omar Paul and developer advocate Michael Hausenblas in a blog post. Google has expressed similar concerns about the issue.

Amazon’s short-term fix is to copy the public images you regularly use to the Amazon Elastic Container Registry, or another registry, or take out a paid Docker Hub subscription to avoid the rate limiting.

Eventually though, Amazon will offer its own public container registry as an alternative. “Developers will be able to use AWS to host their private and public container images,” the company said, as well as “related files like helm charts and policy configurations.”

Amazon is planning to create a new website that anyone can browse through and pull available images from, including anonymous users. The company will also create its own images for services such as AWS Deep Learning and AWS CloudWatch.

To avoid any “outsized impact” like Docker has seen, Amazon will impose limits of its own. Developers that share public images will get 50 gigabytes of free storage and be able to pull images free anonymously for the first 500 gigabytes of data bandwidth each month. By authenticating with AWS, that limit will be increased to 5 terabytes per month. Moreover, workloads that run on AWS will get unlimited bandwidth for pulling container images.

Constellation Research Inc. analyst Holger Mueller said it was good to see Amazon stepping at a time when utilization of popular container images might be hampered.

“This is the case with Docker needing to throttle some users from excessive image pulls from the Docker hub,” Mueller said. “But although this is a noble effort by AWS, it does also create more dependence on the company, and that’s something enterprise executives will need to factor in.”

Amazon said it has been building its container image registry for several months already, partly in response to customer requests for just such a service.

Image: evening_tao/freepik