This article describes how to set up a zone-redundant container registry.
Zone redundancy in the Premium tier of Azure Container Registry provides protection against single zone failures. Zone redundancy allows for the distributing of registry data and operations across multiple availability zones within the region.
For more information about availability zone support requirements and features, as well as multi-region deployment options, see Reliability in Azure Container Registry.
Prerequisites
Create a zone-redundant registry
To create a zone-redundant registry in the Premium service tier, use Azure portal, Azure CLI, or a Bicep file.
Sign in to the Azure portal.
Select Create a resource > Containers > Container Registry.
In the Basics tab, select or create a resource group, and enter a unique registry name.
In Location, select a region that supports availability zones, such as East US.
In SKU, select Premium.
In Availability zones, select Enabled.
Optionally, configure more registry settings, and then select Review + create.
Select Create to deploy the registry instance.
Make sure that you have Azure CLI version 2.17.0 or later, or Azure Cloud Shell. If you need to install or upgrade, see Install Azure CLI.
If you don't have a resource group in a region that supports availability zones, run az group create to create a resource group (replace <resource-group-name> and <location> with your values):
az group create --name <resource-group-name> --location <location>
Select a region that supports availability zones, such as eastus.
Create a zone-enabled registry in the Premium service tier by running the az acr create command (replace <resource-group-name>, <container-registry-name>, and <region-name> with your values):
az acr create \
--resource-group <resource-group-name> \
--name <container-registry-name> \
--location <region-name> \
--zone-redundancy enabled \
--sku Premium
In the command output, note the zoneRedundancy property for the registry. When zoneRedundancy is set to "Enabled", the registry is zone redundant:
{
[...]
"zoneRedundancy": "Enabled"
}
If you don't have a resource group in a region that supports availability zones, run az group create to create a resource group (replace <resource-group-name> and <location> with your values):
az group create --name <resource-group-name> --location <location>
To create a zone-redundant registry, copy the following Bicep file to a new file and save it using a filename such as registryZone.bicep.
By default, the Bicep file enables zone redundancy in the registry.
@description('Globally unique name of your Azure Container Registry')
@minLength(5)
@maxLength(50)
param containerRegistryName string = 'acr${uniqueString(resourceGroup().id)}'
@description('Location for registry home replica.')
param location string = resourceGroup().location
@description('Enable admin user for registry. This is not recommended for production use.')
param adminUserEnabled bool = false
@description('Enable zone redundancy of registry\'s home replica. Requires the registry\'s region supports availability zones.')
@allowed([
'Enabled'
'Disabled'
])
param containerRegistryZoneRedundancy string = 'Enabled'
// Tier of your Azure Container Registry. Geo-replication and zone redundancy require Premium SKU.
var acrSku = 'Premium'
resource containerRegistry 'Microsoft.ContainerRegistry/registries@2025-04-01' = {
name: containerRegistryName
location: location
sku: {
name: acrSku
}
properties: {
adminUserEnabled: adminUserEnabled
zoneRedundancy: containerRegistryZoneRedundancy
}
}
output containerRegistryLoginServer string = containerRegistry.properties.loginServer
Run the following az deployment group create command to create the registry using the preceding template file (replace <resource-group-name> and <registry-name> with your values).
Note
If you deploy the template without parameters, it creates a unique name for you.
az deployment group create \
--resource-group <resource-group-name> \
--template-file registryZone.json \
--parameters containerRegistryName=<registry-name>