McAfee MVISION Cloud

Policy Templates for ECR

Amazon Elastic Container Registry (ECR) 

Policy Templates for Container Security are used with Amazon Elastic Container Registry (ECR).

| Policy Name | Resource | Benchmark | PCI DSS | HIPAA | NIST 800-53 | Policy Description |
|---|---|---|---|---|---|---|
| ECR: Image Registry should not have more than 200 repositories | ECR | | Yes | | SC-6, Resource Availability | Image registry should have a limit on the number of repositories |
| ECR: Users should not be granted FullAccess ECR Permission | ECR | | Yes | | 3.2.3 Insufficient authentication and authorization restrictions | Users should not be granted full access ECR permissions |
| ECR: Repository should not allow unknown cross account access | ECR | | Yes | | SI-7, Software, Firmware, and Information Integrity. | Multiple accounts should not be involved in a repository policy |
| ECR: Repositories should not be exposed to everyone/ publicly for push actions | ECR | | Yes | | SI-7, Software, Firmware, and Information Integrity. | Repository policy push actions should be avoided |
| ECR: Repositories should not be exposed to everyone/ publicly for pull actions | ECR | | Yes | | SI-7, Software, Firmware, and Information Integrity. | Repository policy pull actions should be avoided |
| ECR: Repositories should not be exposed to everyone/ publicly for delete actions | ECR | | Yes | | SI-7, Software, Firmware, and Information Integrity. | Repository policy delete actions should be avoided |
| ECR: Image tag immutability should be set correctly for repository | ECR | | Yes | | SI-7, Software, Firmware, and Information Integrity. | Image tag immutability should be set correctly for the repository |