Policy Templates for ECR
Amazon Elastic Container Registry (ECR)
Policy Templates for CSPM are used with Amazon Elastic Container Registry (ECR).
For instructions on how to find Policy templates that are new or updated due to changed recommendations, see Find New and Updated Policy Templates.
| Policy Name | Resource | Benchmark | PCI DSS | HIPAA | NIST 800-53 | Policy Description |
|---|---|---|---|---|---|---|
| ECR: Image Registry should not have more than 200 repositories | ECR | Yes | SC-6, Resource Availability | Image registry should have a limit on number of respositories | ||
| ECR: Users should not be granted FullAccess ECR Permission | ECR | Yes | 3.2.3 Insufficient authentication and authorization restrictions | Users should not be granted full Access ECR permissions | ||
| ECR: Repository should not allow unknown cross account access | ECR | Yes | SI-7, Software, Firmware, and Information Integrity. | Multiple accounts should not be involved in a repository policy | ||
| ECR: Repositories should not be exposed to everyone/ publicly for push actions | ECR | Yes | SI-7, Software, Firmware, and Information Integrity. | Repository policy push actions should be avoided | ||
| ECR: Repositories should not be exposed to everyone/ publicly for pull actions | ECR | Yes | SI-7, Software, Firmware, and Information Integrity. | Repository policy pull actions should be avoided | ||
| ECR: Repositories should not be exposed to everyone/ publicly for delete actions | ECR | Yes | SI-7, Software, Firmware, and Information Integrity. | Repository policy delete actions should be avoided | ||
| ECR: Image tag immutability should be set correctly for repository | ECR | Yes | SI-7, Software, Firmware, and Information Integrity. | Image Tag Immutability should be set correctly for repository |