Ensure no Amazon Elastic Container Registry (ECR) Public repository policy contains an invalid action

MEDIUM

Description

Policy actions in Amazon Elastic Container Registry (ECR) Public use the prefix 'ecr-public:' before the action name. Policy statements must list specific action(s); allowing 'ecr-public:*' may lead to unauthorized access.
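The check described above can be run against a repository policy document before or after editing it. The following is an added example, not the rule's own implementation: the function name, the finding labels and the sample policy are assumptions, and treating an action without the 'ecr-public:' prefix as invalid is an interpretation of the rule title.

```python
import json

PREFIX = "ecr-public:"

def _as_list(value):
    """IAM JSON allows a single object/string where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_invalid_actions(policy_document):
    """Return (sid, action, reason) tuples for Allow statements that grant
    a wildcard action or an action outside the ecr-public: namespace."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant access
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if name in ("*", PREFIX + "*"):
                findings.append((sid, action, "wildcard"))
            elif not name.startswith(PREFIX):
                findings.append((sid, action, "wrong-prefix"))
    return findings

# Constructed sample policy for illustration (account ID is a placeholder).
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowPush", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["ecr-public:PutImage", "ecr-public:InitiateLayerUpload"]},
    {"Sid": "AllowAll", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "ecr-public:*"},
    {"Sid": "PrivatePrefix", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["ecr:PutImage"]},
    {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*", "Action": "*"}
  ]
}"""

if __name__ == "__main__":
    for finding in find_invalid_actions(SAMPLE_POLICY):
        print(finding)
```
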

Remediation

In the AWS Console:

  1. Sign in to the AWS Console, go to the Amazon Elastic Container Registry (ECR) console, and click Public.
  2. Select Repositories.
  3. Click the image repository that you want to configure. Select Permissions.
  4. In the Permission statements, select the policy statement.
  5. Click Edit and make the necessary changes.

Policy Details

Rule Reference ID: AC_AWS_0580
CSP: AWS
Remediation Available: Yes
Resource Category: Compute

Frameworks