diff --git a/aws/resource_aws_ecr_repository.go b/aws/resource_aws_ecr_repository.go
index 2b22b1a37ada..571b7d627d85 100644
--- a/aws/resource_aws_ecr_repository.go
+++ b/aws/resource_aws_ecr_repository.go
@@ -10,6 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/ecr"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
 func resourceAwsEcrRepository() *schema.Resource {
@@ -32,6 +33,15 @@ func resourceAwsEcrRepository() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+			"image_tag_mutability": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  ecr.ImageTagMutabilityMutable,
+				ValidateFunc: validation.StringInSlice([]string{
+					ecr.ImageTagMutabilityMutable,
+					ecr.ImageTagMutabilityImmutable,
+				}, false),
+			},
 			"tags": tagsSchema(),
 			"arn": {
 				Type:     schema.TypeString,
@@ -53,8 +63,9 @@ func resourceAwsEcrRepositoryCreate(d *schema.ResourceData, meta interface{}) er
 	conn := meta.(*AWSClient).ecrconn
 
 	input := ecr.CreateRepositoryInput{
-		RepositoryName: aws.String(d.Get("name").(string)),
-		Tags:           tagsFromMapECR(d.Get("tags").(map[string]interface{})),
+		ImageTagMutability: aws.String(d.Get("image_tag_mutability").(string)),
+		RepositoryName:     aws.String(d.Get("name").(string)),
+		Tags:               tagsFromMapECR(d.Get("tags").(map[string]interface{})),
 	}
 
 	log.Printf("[DEBUG] Creating ECR repository: %#v", input)
@@ -113,6 +124,7 @@ func resourceAwsEcrRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("name", repository.RepositoryName)
 	d.Set("registry_id", repository.RegistryId)
 	d.Set("repository_url", repository.RepositoryUri)
+	d.Set("image_tag_mutability", repository.ImageTagMutability)
 
 	if err := getTagsECR(conn, d); err != nil {
 		return fmt.Errorf("error getting ECR repository tags: %s", err)
@@ -124,6 +136,12 @@ func resourceAwsEcrRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 func resourceAwsEcrRepositoryUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ecrconn
 
+	if d.HasChange("image_tag_mutability") {
+		if err := resourceAwsEcrRepositoryUpdateImageTagMutability(conn, d); err != nil {
+			return err
+		}
+	}
+
 	if err := setTagsECR(conn, d); err != nil {
 		return fmt.Errorf("error setting ECR repository tags: %s", err)
 	}
@@ -177,3 +195,18 @@ func resourceAwsEcrRepositoryDelete(d *schema.ResourceData, meta interface{}) er
 
 	return nil
 }
+
+func resourceAwsEcrRepositoryUpdateImageTagMutability(conn *ecr.ECR, d *schema.ResourceData) error {
+	input := &ecr.PutImageTagMutabilityInput{
+		ImageTagMutability: aws.String(d.Get("image_tag_mutability").(string)),
+		RepositoryName:     aws.String(d.Id()),
+		RegistryId:         aws.String(d.Get("registry_id").(string)),
+	}
+
+	_, err := conn.PutImageTagMutability(input)
+	if err != nil {
+		return fmt.Errorf("Error setting image tag mutability: %s", err.Error())
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_ecr_repository_test.go b/aws/resource_aws_ecr_repository_test.go
index 37091acabe85..e53951b39cff 100644
--- a/aws/resource_aws_ecr_repository_test.go
+++ b/aws/resource_aws_ecr_repository_test.go
@@ -70,6 +70,32 @@ func TestAccAWSEcrRepository_tags(t *testing.T) {
 	})
 }
 
+func TestAccAWSEcrRepository_immutability(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_ecr_repository.default"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSEcrRepositoryDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSEcrRepositoryConfig_immutability(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSEcrRepositoryExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestCheckResourceAttr(resourceName, "image_tag_mutability", "IMMUTABLE"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSEcrRepositoryDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ecrconn
 
@@ -159,3 +185,12 @@ resource "aws_ecr_repository" "default" {
 }
 `, rName)
 }
+
+func testAccAWSEcrRepositoryConfig_immutability(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_ecr_repository" "default" {
+  name = %q
+  image_tag_mutability = "IMMUTABLE"
+}
+`, rName)
+}
diff --git a/website/docs/r/ecr_repository.html.markdown b/website/docs/r/ecr_repository.html.markdown
index b62d983518c7..874a6f957e70 100644
--- a/website/docs/r/ecr_repository.html.markdown
+++ b/website/docs/r/ecr_repository.html.markdown
@@ -23,6 +23,7 @@ resource "aws_ecr_repository" "foo" {
 The following arguments are supported:
 
 * `name` - (Required) Name of the repository.
+* `image_tag_mutability` - (Optional) The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `MUTABLE`.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference