# IaC on Amazon ECR Scan

{% embed url="<https://youtu.be/LzDqc6wMQIo>" %}

## Prerequisites

* Amazon Root user
* Private repositories with images in Elastic Container Registry

## Scan Public Images

Go to **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’** and insert the name of the image you want to scan:

<figure><img src="https://lh3.googleusercontent.com/lxXf98cO4JSw9Fxxdcm5OWZpWeTN2OBVwGvLlfkERxk4Y0sYU5EOIfAXkr33IYr4b-BtuXrF4sXvCqkRalv2sGGunaYKDg8o8g2exQQBz8FwAkIlp-buQtYkVr_t_fYvcVHtaCJcwla4eWcIP1-wFwt86wAff4xcTh8PvoHZkBr-doopidjeXn22Uw" alt=""><figcaption></figcaption></figure>

After the scan, a new application named after the image is created:

<figure><img src="https://lh6.googleusercontent.com/UwshXFUy8XyAVnJaFnljqdltK-yoLqhR-wTo7X8C3C69DCWUTbKW9WtHuymJY_PhdtN55x1kT4j34kntqsjACtwtwRcdW846EraMepnd5jZq2g_JyKN8--r3oblJzYhjSZCHza1QwGuYPsGnGUI5SCZZ_5yMvs_zXp13W2h1Sdtr9Gx1YBQ_SSSWlQ" alt=""><figcaption></figcaption></figure>

## Scan Private Images

### Step 1: Create an IAM user.

Log in as a root user in Amazon Web Services.

Go to **‘Identity and Access Management (IAM)’ -> ‘Users’ -> ‘Add Users’**.

Fill in **‘User name’** and select the **‘Access key’** credential type:

<figure><img src="https://lh5.googleusercontent.com/QOO0hagTUWpMR4840kHMjfAn_RZhvPtyRX1z_k_2MbnOn3ARN2hMo6CadMHNq8_crNnH5eNJRgdQ76TWwSV1Z24TeBOT3KkHBdf7D1jK7Frqo9XpG3EWlEiQepg7PXM5Re5SjydU3-n8epxavejnk7ZtJOrlbuKTAQU__ulmrT212O87qDbviY1X2w" alt=""><figcaption></figcaption></figure>

Go to **‘Attach existing policies directly’** and select the **‘AmazonEC2ContainerRegistryReadOnly’** permission:

<figure><img src="https://lh5.googleusercontent.com/87VQ5nOxuO3or_n5sH2oHVbBlGLNlZ67FzaAlIESbMASBBS9-oMgT2wLhX09NCuRieNGFu5TND84FT0_vYNHwBSH-6M0KEHRlYrkhC_doY7PN6qelNm1xATcHiJ40QpSI8yfTl0hyfUQIzyfbOeCrMFdYnGvTMpjSCcJgpN8VL28iEHA7teRo6d6ew" alt=""><figcaption></figcaption></figure>

Click **‘Next: Tags’**, then **‘Next: Review’**, then **‘Create user’**.

Copy the **‘Access key ID’** and **‘Secret access key’**.

<figure><img src="https://lh6.googleusercontent.com/TOObCXvs4NcaoGIthNiEFBs6IUAmdVcyxEsFmYjnZkre0tcdGa-ebMOGR4B-bFIShsAQw01r95RvGqPD02_grYu45qcmq6OpOm-W-aupIojNyaWTQ_-JVaPVAPHuwY9UohffPByDkjouAS5sOTXy1xnEWwpmJyR8FuEVANx0CVE1kCpIMe8zRrjhVQ" alt=""><figcaption></figcaption></figure>
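The check below is an added example, not CloudDefense or AWS code: it audits an IAM policy document offline and reports every `Allow` that goes beyond read-only ECR access, which is the scope the `AmazonEC2ContainerRegistryReadOnly` selection in this step is meant to give the scanner's access key. The read-only prefix list, the function name and both sample policies are assumptions constructed for illustration.

```python
# Added example: the prefix list and both sample policies are constructed.
READ_ONLY_PREFIXES = ("get", "describe", "list", "batchget", "batchcheck")

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_scanner_policy(policy):
    """Return (statement_index, action, reason) for each Allow beyond read-only ECR."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append((idx, "NotAction", "allows everything not listed"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive; "*" alone has no service part
            service, _, name = action.lower().partition(":")
            if service != "ecr":
                findings.append((idx, action, "not an ECR action"))
            elif not name.startswith(READ_ONLY_PREFIXES):
                # catches writes (PutImage) and leading wildcards (ecr:*)
                findings.append((idx, action, "not a read-only ECR action"))
    return findings

# Constructed sample: pull/list permissions only
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
               "ecr:GetDownloadUrlForLayer", "ecr:DescribeRepositories",
               "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage"]}]}

# Constructed sample: a key that could also push images and read S3
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:Get*", "ecr:PutImage", "ecr:*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:GetObject"},
    {"Effect": "Deny", "Resource": "*", "Action": "ecr:BatchDeleteImage"}]}

if __name__ == "__main__":
    for label, doc in (("read-only", READ_ONLY_POLICY), ("over-broad", OVERBROAD_POLICY)):
        print(label, audit_scanner_policy(doc) or "OK")
```

To audit a real policy, pass in the `Document` field returned by `aws iam get-policy-version`.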

### Step 2: Add Amazon ECR integration in CloudDefense.

Go to **‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’**. Paste your Access key ID and Secret access key, choose the default region, and click **‘Configure’**:

<figure><img src="https://lh6.googleusercontent.com/PE8uSV4UbwfxS-RKZ0QAm19pWWbn5Q8-fvwGlNE6h8Aznd9bw9RKGxlYMzeXoRIKKbIjkdfIzJpmnuJsp2i8EXoZ0uNC4ZU0o70p6kPCJ8DXctnXJEOKQwK_qYRj_maabtTFROsr_bMJXB0JE1JBItfb93C36e9eDVrXkeKsT2xyzIxwSBb082_gmA" alt=""><figcaption></figcaption></figure>

### Step 3: Scan your private images.

After successful configuration, you can scan your own images.

Go to **‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’** or **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ -> ‘Your own images’**. Choose the region (the default region is always preselected; you can choose another default region in the integration configuration), then choose the image or images you want to scan:

<figure><img src="https://lh6.googleusercontent.com/991zMvSIaeHlHwMlHBNVic6DMZFUJ4VDHkcrSed-Pf1jt-DiuByHiz-M5x5QROUX8QqlP2fzymv8-Rat17pA40V7qaESjPWXEj8Tj3F5UOYsnST9-cu93M9mlkl-VguqgFmIYKu6PLZ-ENl-mHRbrG0f6R_n6Kf4L9uexP00ytzaU2jS8G_H93JIkw" alt=""><figcaption></figcaption></figure>

