Amazon Elastic Container Registry (ECR) is a cornerstone service that allows you to completely manage container images within AWS. But Container Registries also happen to be a major threat vector that attackers can exploit.
By gaining access to your container registry, attackers can launch widespread supply-chain attacks against your infrastructure and compromise your container images. This course is a deep-dive into specific security features of ECR that help you prevent, detect, and correct security weaknesses in your container images within AWS.
We start off with an overview of Container Registry and various features of Amazon ECR. We explore AWS Identity and Access Management (IAM) and how it fits in with the functions of ECR.
Next, we use hands-on labs to learn how to scan container images for vulnerabilities and pinpoint security flaws. We also look at tag immutability for ECR.
For our final lesson, we’ll be learning to monitor security events. Get some hands-on practice setting up and using Cloudtrail-Athena for security monitoring for Amazon ECR.
ECR IAM Tag Identity
ECR Immutable Image Tag
ECR CloudTrail Athena