Introduction
Amazon ECR Scan, also known as Amazon Elastic Container Registry Scan, is a fundamental component in ensuring the security and integrity of containerized applications hosted on the Amazon Web Services (AWS) cloud platform.
By analyzing the contents of container images, including software libraries, operating system packages, and dependencies, Amazon ECR Scan detects potential security risks and compliance violations.
This guide details how to initiate and complete an Amazon ECR scan on the platform.
Prerequisites:
You should be signed in with CloudDefense.ai. If not, please refer to our guide on creating a CloudDefense.ai account.
Amazon Root user
Private repositories with images in Elastic Container Registry (ECR)
Step 1: Create an IAM user.
Login as a root user in Amazon Web Services.
Go to ‘Identity and Access Management (IAM)’ -> ‘Users’ -> ‘Add Users’.
Fill ‘User name’ and select ‘Access key’ credential type:
Go to ‘Attach existing policies directly’ and select
‘AmazonEC2ContainerRegistryReadOnly’ permission:
Click ‘Next: Tags’,
then ‘Next: Review’,
then ‘Create user’.
Copy ‘Access key ID’ and ‘Secret access key’.
Step 2: Add Amazon ECR integration in CloudDefense.
Go to ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’. Paste your Access key ID and Secret access key, choose default region and click ‘Configure’:
Step 3: Scan your private images.
After successful configuration you can scan your own images.
Go to the ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’ or ‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ -> ‘Your own images’. Choose region, default one always will be selected (you can choose other default region in integration configuration) and choose the image (images) you want to scan:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article
