CloudDefense.AI

IaC on Amazon ECR Scan

Prerequisites

  • Amazon Root user
  • Private repositories with images in Elastic Container Registry

Scan Public Images

Go to ‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ and enter the name of the image you want to scan:
After scanning, a new application with the name of the image will be created:

Scan Private Images

Step 1: Create an IAM user.

Log in as a root user in Amazon Web Services.
Go to ‘Identity and Access Management (IAM)’ -> ‘Users’ -> ‘Add Users’.
Fill in ‘User name’ and select the ‘Access key’ credential type:
Go to ‘Attach existing policies directly’ and select the ‘AmazonEC2ContainerRegistryReadOnly’ permission:
Click ‘Next: Tags’, then ‘Next: Review’, then ‘Create user’.
Copy ‘Access key ID’ and ‘Secret access key’.

Step 2: Add Amazon ECR integration in CloudDefense.

Go to ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’. Paste your Access key ID and Secret access key, choose the default region and click ‘Configure’:

Step 3: Scan your private images.

After successful configuration, you can scan your own images.
Go to ‘Integrations’ -> ‘Container Coverage’ -> ‘Amazon ECR’ or ‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Amazon ECR’ -> ‘Your own images’. Choose the region; the default one will always be selected (you can choose another default region in the integration configuration). Then choose the image or images you want to scan: