Amazon Elastic Container Registry | Security Flashcards
Does Amazon ECR support the Open Container Initiative (OCI) format?
Security
Amazon Elastic Container Registry | Compute
Yes. Amazon ECR is compatible with the Open Container Initiative (OCI) image specification letting you push and pull OCI images. Amazon ECR can also translate between Docker Image Manifest V2, Schema 2 images and OCI images on pull.
How does Amazon ECR help ensure that container images are secure?
Security
Amazon Elastic Container Registry | Compute
Amazon ECR automatically encrypts images at rest using S3 server side encryption and transfers your container images over HTTPS. You can configure policies to manage permissions and control access to your images using AWS Identity and Access Management (IAM) users and roles without having to manage credentials directly on your EC2 instances.
How can I use AWS Identity and Access Management for permissions?
Security
Amazon Elastic Container Registry | Compute
You can use IAM resource-based policies to control and monitor who and what (e.g., EC2 instances) can access your container images as well as how, when, and where they can access them. To get started, use the Management Console to create resource-based policies for your repositories. Alternatively, you can use sample policies and attach them to your repositories via the Amazon ECR CLI.