ECR tag immutability exceptions - finally


Since May 2020, a simple but crucial feature request has lingered due to Amazon Elastic Container Registry (ECR) not allowing image tags to be overwritten [1].

Finally, in July 2025, AWS answered our collective prayers by announcing immutable tags with exceptions for Amazon ECR [2]. This new feature ensures exceptions to tag immutability can be carefully controlled, allowing container image tags to be modified when genuinely required, most commonly for the latest tag.
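To check that exceptions stay limited to tags such as latest, this added example (not code from the post or from AWS) evaluates repository settings offline and reports release-style tags that can still be overwritten. The repository records and probe tags are constructed, and the field names, the IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION values and the "*"-only wildcard semantics are assumptions to verify against the ECR API reference.

```python
import re

# Constructed sample shaped like `aws ecr describe-repositories` output.
# Field names and enum values are assumptions; check the ECR API reference.
SAMPLE_REPOS = [
    {"repositoryName": "payments-api",
     "imageTagMutability": "IMMUTABLE_WITH_EXCLUSION",
     "imageTagMutabilityExclusionFilters": [
         {"filterType": "WILDCARD", "filter": "latest"}]},
    {"repositoryName": "batch-jobs",
     "imageTagMutability": "IMMUTABLE_WITH_EXCLUSION",
     "imageTagMutabilityExclusionFilters": [
         {"filterType": "WILDCARD", "filter": "*"}]},
    {"repositoryName": "legacy-web", "imageTagMutability": "MUTABLE"},
    {"repositoryName": "ledger", "imageTagMutability": "IMMUTABLE"},
]

# Constructed release-style tags that should never be overwritable.
PROTECTED_PROBES = ["v1.4.2", "3f9c2ab"]

def wildcard_match(pattern, tag):
    """Match a tag against a filter in which '*' is the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, tag) is not None

def tag_is_mutable(repo, tag):
    """Return True if pushing `tag` again would overwrite the existing image."""
    mode = repo["imageTagMutability"]
    filters = repo.get("imageTagMutabilityExclusionFilters", [])
    excepted = any(wildcard_match(f["filter"], tag) for f in filters)
    if mode in ("MUTABLE", "IMMUTABLE"):
        return mode == "MUTABLE"
    if mode == "IMMUTABLE_WITH_EXCLUSION":
        return excepted          # only excepted tags may be overwritten
    if mode == "MUTABLE_WITH_EXCLUSION":
        return not excepted      # excepted tags are the locked ones
    raise ValueError(f"unknown imageTagMutability: {mode}")

def audit(repos, probes=PROTECTED_PROBES):
    """Map repository name -> probe tags that can still be overwritten."""
    exposed = {r["repositoryName"]: [t for t in probes if tag_is_mutable(r, t)]
               for r in repos}
    return {name: tags for name, tags in exposed.items() if tags}

if __name__ == "__main__":
    for name, tags in audit(SAMPLE_REPOS).items():
        print(f"{name}: overwritable release tags {tags}")
```

The batch-jobs record shows the failure mode to watch for: a catch-all exception filter leaves the repository effectively mutable even though its mode says immutable.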


Why does this matter?

Immutable tags improve security and reliability by guaranteeing repeatability. Deployments become predictable, rollbacks become simpler, audits become accurate; ultimately, confidence grows across the deployment pipeline. No more midnight firefights caused by accidental overwrites.

So, there are good reasons to know exactly what you’re deploying. However, some tags do need to be re-pointed (see latest), and forcing a tag to be removed and re-uploaded just to update a version has been a failing of ECR since inception. Other platforms balance this by making commit SHAs available to use as immutable tags.

So yes, AWS took their sweet time, five years to be precise, but the wait has paid off, greatly improving life for Platform Engineers everywhere.

For those who’ve tracked this long journey, you can finally close issues linked to aws/containers-roadmap#878.


References

  1. https://github.com/aws/containers-roadmap/issues/878 

  2. https://aws.amazon.com/about-aws/whats-new/2025/07/amazon-ecr-exceptions-tag-immutability/