# IaC on Amazon ECR Scan

{% embed url="<https://youtu.be/LzDqc6wMQIo>" %}

### Prerequisites

* Amazon Root user
* Private repositories with images in Elastic Container Registry

### Scan Public Images

Go to **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’** and insert the name of the image you want to scan:

<figure><img src="https://lh3.googleusercontent.com/lxXf98cO4JSw9Fxxdcm5OWZpWeTN2OBVwGvLlfkERxk4Y0sYU5EOIfAXkr33IYr4b-BtuXrF4sXvCqkRalv2sGGunaYKDg8o8g2exQQBz8FwAkIlp-buQtYkVr_t_fYvcVHtaCJcwla4eWcIP1-wFwt86wAff4xcTh8PvoHZkBr-doopidjeXn22Uw" alt=""><figcaption></figcaption></figure>

After the scan, a new application named after the image is created:

<figure><img src="https://lh6.googleusercontent.com/UwshXFUy8XyAVnJaFnljqdltK-yoLqhR-wTo7X8C3C69DCWUTbKW9WtHuymJY_PhdtN55x1kT4j34kntqsjACtwtwRcdW846EraMepnd5jZq2g_JyKN8--r3oblJzYhjSZCHza1QwGuYPsGnGUI5SCZZ_5yMvs_zXp13W2h1Sdtr9Gx1YBQ_SSSWlQ" alt=""><figcaption></figcaption></figure>

## Scan Private Images

### Step 1: Create an IAM user.

Log in as a root user in Amazon Web Services.

Go to **‘Identity and Access Management (IAM)’ -> ‘Users’ -> ‘Add Users’**.

Fill in **‘User name’** and select the **‘Access key’** credential type:

<figure><img src="https://lh5.googleusercontent.com/QOO0hagTUWpMR4840kHMjfAn_RZhvPtyRX1z_k_2MbnOn3ARN2hMo6CadMHNq8_crNnH5eNJRgdQ76TWwSV1Z24TeBOT3KkHBdf7D1jK7Frqo9XpG3EWlEiQepg7PXM5Re5SjydU3-n8epxavejnk7ZtJOrlbuKTAQU__ulmrT212O87qDbviY1X2w" alt=""><figcaption></figcaption></figure>

Go to **‘Attach existing policies directly’** and select the **‘AmazonEC2ContainerRegistryReadOnly’** permission:

<figure><img src="https://lh5.googleusercontent.com/87VQ5nOxuO3or_n5sH2oHVbBlGLNlZ67FzaAlIESbMASBBS9-oMgT2wLhX09NCuRieNGFu5TND84FT0_vYNHwBSH-6M0KEHRlYrkhC_doY7PN6qelNm1xATcHiJ40QpSI8yfTl0hyfUQIzyfbOeCrMFdYnGvTMpjSCcJgpN8VL28iEHA7teRo6d6ew" alt=""><figcaption></figcaption></figure>

Click **‘Next: Tags’**, then **‘Next: Review’**, then **‘Create user’**.

Copy **‘Access key ID’** and **‘Secret access key’**.

<figure><img src="https://lh6.googleusercontent.com/TOObCXvs4NcaoGIthNiEFBs6IUAmdVcyxEsFmYjnZkre0tcdGa-ebMOGR4B-bFIShsAQw01r95RvGqPD02_grYu45qcmq6OpOm-W-aupIojNyaWTQ_-JVaPVAPHuwY9UohffPByDkjouAS5sOTXy1xnEWwpmJyR8FuEVANx0CVE1kCpIMe8zRrjhVQ" alt=""><figcaption></figcaption></figure>
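
Because this access key is handed to a third-party scanner, it is worth confirming that the policy attached to the IAM user grants nothing beyond read-only ECR access. The following is an added example, not CloudDefense or AWS code; the function name, the read-only verb heuristic and both sample policies are assumptions constructed for illustration.

```python
import json
import re

# Assumption: an ECR action is treated as read-only when its name starts with
# one of these verbs. This is a naming heuristic, not an AWS classification.
READ_ONLY_VERBS = ("get", "list", "describe", "batchget", "batchcheck")

# Constructed sample: a read-only policy of the kind Step 1 attaches.
SCANNER_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
               "ecr:GetDownloadUrlForLayer", "ecr:DescribeRepositories",
               "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage"]}]})

# Constructed sample: a policy that drifted beyond read-only ECR access.
OVERBROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:Describe*", "ecr:PutImage", "ecr:Batch*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:GetObject"},
    {"Effect": "Deny", "Resource": "*", "Action": "ecr:DeleteRepository"}]})


def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def excessive_actions(policy_json):
    """Return the allowed action patterns that exceed read-only ECR access."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append("NotAction")  # allows everything not listed
            continue
        for pattern in _as_list(stmt.get("Action")):
            service, _, name = pattern.lower().partition(":")
            # Judge a wildcard by its literal prefix: "Batch*" also covers
            # BatchDeleteImage, so only "BatchGet*"/"BatchCheck*" pass.
            literal = re.split(r"[*?]", name, maxsplit=1)[0]
            if service != "ecr" or not literal.startswith(READ_ONLY_VERBS):
                findings.append(pattern)
    return findings


if __name__ == "__main__":
    for label, doc in (("scanner", SCANNER_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(label, excessive_actions(doc) or "read-only ECR access only")
```

An empty result means every allowed action is a read-only ECR call; any returned pattern should be removed from the scanner user before the key is shared.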

### Step 2: Add Amazon ECR integration in CloudDefense.

Go to **‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’**. Paste your Access key ID and Secret access key, choose the default region, and click **‘Configure’**:

<figure><img src="https://lh6.googleusercontent.com/PE8uSV4UbwfxS-RKZ0QAm19pWWbn5Q8-fvwGlNE6h8Aznd9bw9RKGxlYMzeXoRIKKbIjkdfIzJpmnuJsp2i8EXoZ0uNC4ZU0o70p6kPCJ8DXctnXJEOKQwK_qYRj_maabtTFROsr_bMJXB0JE1JBItfb93C36e9eDVrXkeKsT2xyzIxwSBb082_gmA" alt=""><figcaption></figcaption></figure>

### Step 3: Scan your private images.

After successful configuration, you can scan your own images.

Go to **‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’** or **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ -> ‘Your own images’**. Choose a region (the default one is always preselected; you can choose a different default region in the integration configuration) and choose the image or images you want to scan:

<figure><img src="https://lh6.googleusercontent.com/991zMvSIaeHlHwMlHBNVic6DMZFUJ4VDHkcrSed-Pf1jt-DiuByHiz-M5x5QROUX8QqlP2fzymv8-Rat17pA40V7qaESjPWXEj8Tj3F5UOYsnST9-cu93M9mlkl-VguqgFmIYKu6PLZ-ENl-mHRbrG0f6R_n6Kf4L9uexP00ytzaU2jS8G_H93JIkw" alt=""><figcaption></figcaption></figure>
