Best practice rules for Amazon Elastic Container Registry
Trend Micro Cloud One™ – Conformity monitors Amazon Elastic Container Registry with the following rules:
- ECR Repository Exposed
Ensure that AWS Elastic Container Registry (ECR) repositories are not exposed to everyone.
- Enable Cross-Region Replication
Ensure that the Cross-Region Replication feature is enabled for your Amazon ECR container images.
- Enable Scan on Push for ECR Container Images
Ensure that each Amazon ECR container image is automatically scanned for vulnerabilities when pushed to a repository.
- Lifecycle Policy in Use
Ensure that Amazon ECR image repositories are using lifecycle policies for cost optimization.
- Repository Cross Account Access
Ensure that Amazon ECR repositories do not allow unknown cross-account access.