Policy Templates for ECR
Amazon Elastic Container Registry (ECR)
Policy Templates for Container Security are used with Amazon Elastic Container Registry (ECR).
Policy Name | Resource | Benchmark | PCI DSS | HIPAA | NIST 800-53 | Policy Description |
---|---|---|---|---|---|---|
ECR: Image Registry should not have more than 200 repositories | ECR | Yes | | | SC-6, Resource Availability | Image registry should have a limit on the number of repositories |
ECR: Users should not be granted FullAccess ECR Permission | ECR | Yes | | | 3.2.3 Insufficient authentication and authorization restrictions | Users should not be granted full access ECR permissions |
ECR: Repository should not allow unknown cross account access | ECR | Yes | | | SI-7, Software, Firmware, and Information Integrity | Multiple accounts should not be involved in a repository policy |
ECR: Repositories should not be exposed to everyone/ publicly for push actions | ECR | Yes | | | SI-7, Software, Firmware, and Information Integrity | Repository policy push actions should be avoided |
ECR: Repositories should not be exposed to everyone/ publicly for pull actions | ECR | Yes | | | SI-7, Software, Firmware, and Information Integrity | Repository policy pull actions should be avoided |
ECR: Repositories should not be exposed to everyone/ publicly for delete actions | ECR | Yes | | | SI-7, Software, Firmware, and Information Integrity | Repository policy delete actions should be avoided |
ECR: Image tag immutability should be set correctly for repository | ECR | Yes | | | SI-7, Software, Firmware, and Information Integrity | Image tag immutability should be set correctly for repository |