diff --git a/templates/ecr/0/docker-compose.yml b/templates/ecr/0/docker-compose.yml
new file mode 100644
index 0000000..55d1766
--- /dev/null
+++ b/templates/ecr/0/docker-compose.yml
@@ -0,0 +1,12 @@
+ecr-updater:
+ environment:
+ AWS_ACCESS_KEY_ID: ${aws_access_key_id}
+ AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key}
+ AWS_REGION: ${aws_region}
+ labels:
+ io.rancher.container.pull_image: always
+ io.rancher.container.create_agent: 'true'
+ io.rancher.container.agent.role: environment
+ tty: true
+ image: objectpartners/rancher-ecr-credentials:1.0.0
+ stdin_open: true
diff --git a/templates/ecr/0/rancher-compose.yml b/templates/ecr/0/rancher-compose.yml
new file mode 100644
index 0000000..e53877b
--- /dev/null
+++ b/templates/ecr/0/rancher-compose.yml
@@ -0,0 +1,24 @@
+.catalog:
+ name: "ECR Credential Updater"
+ version: "v1.0.0"
+ description: "Updates credentials for ECR in Rancher"
+ uuid: ecr-1
+ questions:
+ - variable: "aws_access_key_id"
+ label: "AWS Access Key ID"
+ description: "AWS API Access Key to use for obtaining ECR credentials"
+ required: true
+ type: "string"
+ - variable: "aws_secret_access_key"
+ label: "AWS Secret Access Key"
+ description: "AWS API Secret Key to use for obtaining ECR credentials"
+ required: true
+ type: "string"
+ - variable: "aws_region"
+ label: "AWS Region"
+ description: "AWS Region that hosts the ECR"
+ default: us-east-1
+ required: true
+ type: "string"
+ecr-updater:
+ scale: 1
diff --git a/templates/ecr/README.md b/templates/ecr/README.md
new file mode 100644
index 0000000..ab26d32
--- /dev/null
+++ b/templates/ecr/README.md
@@ -0,0 +1,47 @@
+# Rancher ECR Credentials Updater
+
+This is Docker container that when executed will update the Docker registry credentials in Rancher for an Amazon Elastic Container Registry.
+
+## Why is this needed?
+
+Because access to ECR is controlled with AWS IAM.
+An IAM user must request a temporary credential to the registry using the AWS API.
+This temporary credential is then valid for 12 hours.
+
+Rancher only supports registries that authenticate with a username and password.
+
+## How to use
+
+Run this container with the following environment variables:
+* `AWS_REGION` - the AWS region of the ECR registry
+* `AWS_ACCESS_KEY_ID`
+* `AWS_SECRET_ACCESS_KEY`
+
+Add the following labels to the service in Rancher:
+* `io.rancher.container.create_agent: true`
+* `io.rancher.container.agent.role: environment`
+
+These labels will cause Rancher to provision an API key for this service and create the `CATTLE_URL`, `CATTLE_ACCESS_KEY`, and `CATTLE_SECRET_KEY` environment variables.
+
+## Running container outside of Rancher
+
+If you are running this container outside of a Rancher managed environment, then you must provide the following envvars in additional to the ones above.
+* `CATTLE_URL` - the url of the Rancher server to update
+* `CATTLE_ACCESS_KEY`
+* `CATTLE_SECRET_KEY`
+
+```bash
+$ docker run -d -e AWS_REGION=us-east-1 -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e CATTLE_URL=http://rancher.mydomain.com -e CATTLE_ACCESS_KEY=$CATTLE_ACCESS_KEY -e CATTLE_SECRET_KEY=$CATTLE_SECRET_KEY objectpartners/rancher-ecr-credentials:latest
+```
+
+## Notes
+
+The AWS credentials must correspond to an IAM user that has permissions to call the ECR `GetToken` API.
+The application then parses the resulting response to retrieve the ECR registry URL, username, and password.
+The returned registry URL, is used to discover the corresponding registry in Rancher.
+
+Rancher stores registries by environment.
+If multiple environments exists, one instance of this container must be run per environment.
+Rancher credentials are tied to an environment, so specifying them will indicate which environment to update in Rancher.
+
+__NOTE__: This application runs on a 6 hour loop. It's possible there could be a slight gap where the credentials expire before this program updates them.
diff --git a/templates/ecr/catalogIcon-ecr.svg b/templates/ecr/catalogIcon-ecr.svg
new file mode 100644
index 0000000..3ecbb15
--- /dev/null
+++ b/templates/ecr/catalogIcon-ecr.svg
@@ -0,0 +1,42 @@
+
+
+
diff --git a/templates/ecr/config.yml b/templates/ecr/config.yml
new file mode 100644
index 0000000..4dd875b
--- /dev/null
+++ b/templates/ecr/config.yml
@@ -0,0 +1,6 @@
+name: ECR Credential Updater
+description: |
+ Automatically updates AWS EC2 Container Registry credentials in Rancher.
+version: v1.0.0
+category: Applications
+maintainer: John Engelman