This is using AWS ECR as a proxy to docker hub, correct?

Edit: Not exactly, it looks like ECR mirrors docker-library (a.k.a. images on docker hub no preceded by a namespace), not all of Docker Hub.

Edit 2: I think the example you give there is misleading, as Ubuntu has its own namespace in ECR. If you want to highlight that ECR mirrors docker-library, a more appropriate example might be `docker pull public.ecr.aws/docker/library/ubuntu`.

I can tell you with 100% certainty that ECR definitely has limits, just not "screw you" ones like the blog post. So, while I do think switching to public.aws.ecr/docker/library is awesome, one should not make that switch and then think "no more 429s for me!" because they can still happen. Even AWS is not unlimited at anything

Disclaimer: I work for Amazon, but not on ECR or ECR Public.

The rate limit for unauthenticated pulls is 1/second/IP, source: https://docs.aws.amazon.com/general/latest/gr/ecr-public.htm...

My employer has stuff I'm responsible for which hit this the at least 18 months ago. The subscription cost was little problem but the headaches debugging kubernetes pod description imagepullsecrets was much more painful. We called Docker sales and asked how much it would cost us for unlimited anonymous downloads from our IP address. They took a couple weeks to just say "go away".

Weirdly we just this week came across docker hub limiting our pulls from a CI job in AWS.

Not something we'd encountered before but seems earlier than these changes are meant to come into effect.

We've cloned the base image into ECR now and are deriving from there. This is all for internal authenticated stuff though.