IaC on Amazon ECR Scan

Modified on Wed, 11 Oct, 2023 at 7:30 PM



Prerequisites 

  • Amazon Root user 
  • Private repositories with images in Elastic Container Registry 



Scan Public Images

Go to ‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ and insert the name of the image you want to scan:



After scanning the new application with the name of the image will be created:



Scan Private Images 



Step 1: Create an IAM user. 

Login as a root user in Amazon Web Services. 
Go to ‘Identity and Access Management (IAM)’ -> ‘Users’ -> ‘Add Users’. 
Fill ‘User name’ and select ‘Access key’ credential type:



Go to ‘Attach existing policies directly’ and select 
AmazonEC2ContainerRegistryReadOnly’ permission:



Click ‘Next: Tags’
then ‘Next: Review’, 
then ‘Create user’
Copy ‘Access key ID’ and ‘Secret access key’.



Step 2: Add Amazon ECR integration in CloudDefense.

Go to ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’. Paste your Access key ID and Secret access key, choose default region and click ‘Configure’:



Step 3: Scan your private images.

After successful configuration you can scan your own images.
Go to the ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’ or ‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ -> ‘Your own images’. Choose region, default one always will be selected (you can choose other default region in integration configuration) and choose the image (images) you want to scan:

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article