VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
ECR Security Controls
EMR Security
Lambda Security
CloudFormation Security
CodeX Security Controls
CloudFront Security
AWS Certificate Manager (ACM) Security
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
AWS Network FirewallRoute53 Resolver Security
Amazon Macie
AWS WAF
AWS Secrets Manager
AWS Systems Manager
AWS KMS
AWS SSO
Load Balancers
RDS Event Subscriptions
AWS Resource Access Manager (RAM)
Alexa Skill
Amazon API Gateway
AWS AppConfig
Amazon AppFlow
AWS App Mesh
AWS App Runner
AWS AppSync
Application Auto Scaling
Amazon Athena
AWS Batch
AWS Billing Conductor
AWS Clean Rooms
AWS SNS
AWS SQS
AWS Service Discovery
AWS Step Functions
AWS CloudTrail
AWS Config
AWS CloudWatch
AWS Cognito
Amazon ConnectA collection of AWS Security controls for Amazon ECR. Controls include configuration to create ECR Repositories with different settings including vulnerability scans, CloudWatch events and alarms for monitoring as well as Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform
Configuration template to create an Amazon ECR repository with native image vulnerability scanning enabled. Customizable settings include Repository Name, Image Immutability, Encryption At-Rest, and Vulnerability Scan On-Push
This template creates an Amazon Elastic Container Registry (Amazon ECR) repository named `test-repository`. The repository policy allows the users `Bob` and `Alice` to push and pull images.
This template creates a replication configuration for a private registry in a source Region. The replication configuration specifies that the contents of the registry should be replicated to the `us-east-2` and `us-west-1` Regions within the same account.
This template creates an AWS::ECR::RegistryPolicy resource that specifies a private registry policy in the us-west-2 region. The policy grants permission for account 210987654321 to create repositories and replicate their contents to your private registry.
This template creates a pull through cache rule that caches repositories with the name prefix `my-ecr` from the Amazon ECR Public registry into your private registry.
This template creates an Amazon Elastic Container Registry Public (Amazon ECR Public) repository. The repository allows users to push and pull Docker images, OCI images, and OCI compatible artifacts. The example specifies a public repository named 'test-repository' with catalog data that includes usage text, about text, supported operating systems, supported architectures, and a repository description.
A CloudWatch Event Rule that triggers when each ECR vulnerability image scan is completed. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.
A Config rule that checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled. The rule is NON_COMPLIANT if image scanning is not enabled for the private ECR repository.
A Config rule that checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled. The rule is NON_COMPLIANT if image scanning is not enabled for the private ECR repository.
A Config rule that checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled. This rule is NON_COMPLIANT if tag immutability is not enabled for the private ECR repository.
