AWS ECR repository is publicly accessible

Data at risk

AWS ECR repository is publicly accessible

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

HITRUST
Orca Best Practices

Description

We have found that the AWS ECR repository - {AwsEcrRepository} is publicly accessible. AWS ECR - Amazon Elastic Container Registry is a managed container image registry service. AWS ECR supports private repositories with AWS IAM resource-based permissions. This is done so that only certain users or AWS EC2 instances will have access to your container repositories and images.

Recommended Mitigation

Consider updating the ECR Repository - {AwsEcrRepository} policy so it would not be public anymore. Exposing the ECR repository to the public may lead to data leaks and exposure of sensitive data. For more information: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html , https://docs.aws.amazon.com/AmazonECR/latest/public/public-repositories.html

AWS ECR repository is publicly accessible

Description

Need help?