ECR

Definition

Elastic Container Registry (ECR) is a fully managed Docker container registry provided by AWS that allows developers to store, manage, and deploy Docker container images. ECR integrates with Amazon ECS, EKS, and AWS Lambda, simplifying the process of deploying containers on AWS infrastructure. It supports image versioning and access control via AWS IAM, and it integrates with AWS security services so that images are stored and retrieved securely.

Secure Settings Example

# IAM policy for ECR access with least privilege: read-only (pull) actions scoped to a single repository
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ],
      "Resource": "arn:aws:ecr:region:account-id:repository/repository-name"
    }
  ]
}

Insecure Settings Example

# IAM policy granting overly broad permissions: every ECR action on every repository
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ecr:*",
      "Resource": "*"
    }
  ]
}
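The two policies above differ in exactly the ways a policy linter can check mechanically: a wildcard action, a wildcard resource, and the presence of push/delete capability in a policy that only needs to pull. The following is an added example, not code from the original page or from AWS, that evaluates an IAM policy document and reports those three patterns. It assumes the policy is given as a parsed JSON dictionary, and it treats `ecr:GetAuthorizationToken` specially because that action is not repository-scoped and AWS requires `"Resource": "*"` for it, so a wildcard resource there is not a finding. The sample policies embedded in the block are constructed from the two examples on this page.

```python
"""Lint IAM policy documents for overly broad ECR grants.

Added example, not part of the original page or of any AWS tooling.
It flags the patterns shown in the page's insecure example (wildcard
action, wildcard resource) and accepts the least-privilege pull policy.
"""
import fnmatch

# ecr:GetAuthorizationToken is an account-level call; AWS requires
# Resource "*" for it, so a wildcard resource there is not a finding.
ACCOUNT_LEVEL_ACTIONS = {"ecr:getauthorizationtoken"}

# Actions that push, change or delete images/repositories. A pull-only
# role (such as an ECS task execution role) should never carry these.
MUTATING_ACTIONS = {
    "ecr:putimage", "ecr:initiatelayerupload", "ecr:uploadlayerpart",
    "ecr:completelayerupload", "ecr:batchdeleteimage",
    "ecr:deleterepository", "ecr:setrepositorypolicy",
    "ecr:deleterepositorypolicy", "ecr:putimagetagmutability",
}

# Constructed from the page's two examples (placeholders kept as-is).
SECURE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                   "ecr:BatchCheckLayerAvailability"],
        "Resource": "arn:aws:ecr:region:account-id:repository/repository-name",
    }],
}
INSECURE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ecr:*", "Resource": "*"}],
}


def _as_list(value):
    """IAM allows Statement/Action/Resource as a string, object or list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action patterns are case-insensitive and support '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_ecr_policy_issues(policy):
    """Return human-readable findings for one IAM policy dict.

    An empty list means no overly broad ECR grant was detected.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: NotAction/NotResource grants are hard to bound; review manually")
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        ecr_patterns = [p for p in patterns if p == "*" or p.startswith("ecr:")]
        if not ecr_patterns:
            continue
        resources = _as_list(stmt.get("Resource"))

        # 1. A wildcard action covers every ECR API, including push and delete.
        wildcard = [p for p in ecr_patterns if p in ("*", "ecr:*")]
        for pat in wildcard:
            findings.append(f"statement {idx}: wildcard action '{pat}' grants all ECR operations")

        # 2. Repository-scoped actions granted on every repository in the account.
        scoped = sorted(p for p in ecr_patterns if p not in ACCOUNT_LEVEL_ACTIONS)
        if scoped and "*" in resources:
            findings.append(f"statement {idx}: repository-scoped actions {scoped} granted on Resource '*'")

        # 3. Push/delete capability; expected for a CI role, wrong for a pull-only one.
        if not wildcard:
            mutating = sorted(m for m in MUTATING_ACTIONS
                              if any(_matches(p, m) for p in ecr_patterns))
            if mutating:
                findings.append(f"statement {idx}: grants mutating actions {mutating}")
    return findings


if __name__ == "__main__":
    for name, doc in (("secure", SECURE_POLICY), ("insecure", INSECURE_POLICY)):
        issues = find_ecr_policy_issues(doc)
        print(f"{name}: {'no findings' if not issues else ''}")
        for line in issues:
            print("  -", line)
```

Run against the page's two policies, the secure one produces no findings and the insecure one produces two (wildcard action and wildcard resource). A pull-only role that adds `ecr:GetAuthorizationToken` on `"*"` in a separate statement still passes, which is the shape a least-privilege pull policy normally takes.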