A collection of AWS security controls for Amazon ECR. The controls include configuration to create ECR repositories with different settings, including vulnerability scans, CloudWatch events and alarms for monitoring, and Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI, and Terraform.

ECR Repository with Vulnerability Scanning

Configuration template to create an Amazon ECR repository with native image vulnerability scanning enabled. Customizable settings include Repository Name, Image Immutability, Encryption At-Rest, and Vulnerability Scan On-Push.

ECR Repository with Example Policy

This template creates an Amazon Elastic Container Registry (Amazon ECR) repository named `test-repository`. The repository policy allows the users `Bob` and `Alice` to push and pull images.

Replication Configuration for a Private ECR Registry

This template creates a replication configuration for a private registry in a source Region. The replication configuration specifies that the contents of the registry should be replicated to the `us-east-2` and `us-west-1` Regions within the same account.

Registry Policy for a Private ECR Registry

This template creates an `AWS::ECR::RegistryPolicy` resource that specifies a private registry policy in the `us-west-2` Region. The policy grants permission for account `210987654321` to create repositories and replicate their contents to your private registry.

Pull Through Cache Rule for an ECR Private Registry

This template creates a pull through cache rule that caches repositories with the name prefix `my-ecr` from the Amazon ECR Public registry into your private registry.

ECR Public Repository

This template creates an Amazon Elastic Container Registry Public (Amazon ECR Public) repository. The repository allows users to push and pull Docker images, OCI images, and OCI-compatible artifacts. The example specifies a public repository named `test-repository` with catalog data that includes usage text, about text, supported operating systems, supported architectures, and a repository description.