Top / Amazon Web Service / AWS Amazon ECR / Registry Policy

AWS Amazon ECR Registry Policy

This page shows how to write Terraform and CloudFormation for Amazon ECR Registry Policy and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_ecr_registry_policy (Terraform)

The Registry Policy in Amazon ECR can be configured in Terraform with the resource name aws_ecr_registry_policy. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L1
resource "aws_ecr_registry_policy" "this" {
  policy = var.policy

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an Elastic Container Registry Policy.

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon ECR Resources

In addition to the aws_ecr_repository, AWS Amazon ECR has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_ecr_repository

Ensure to enable ECR image scan

It is better to enbale ECR image scan. AWS ECR provides a feature to scan container images and discover vulnerable software.

Review your AWS Amazon ECR settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ECR::RegistryPolicy (CloudFormation)

The RegistryPolicy in ECR can be configured in CloudFormation with the resource name AWS::ECR::RegistryPolicy. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

template.json#L2715
    "AWS::ECR::RegistryPolicy": {
      "Type": "AWS::ECR::RegistryPolicy",
      "Properties": {}
    },
    "AWS::ApiGateway::Method": {
      "Type": "AWS::ApiGateway::Method",

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::ECR::RegistryPolicy resource creates or updates the permissions policy for a private registry.

A private registry policy is used to specify permissions for another AWS account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon ECR Resources

Frequently asked questions

What is AWS Amazon ECR Registry Policy?

AWS Amazon ECR Registry Policy is a resource for Amazon ECR of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon ECR Registry Policy?

For Terraform, the asaphe/terraform-aws-ecr source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the mhlabs/aws-icons-directory source code example is useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents