Amazon Elastic Container Registry | Security Flashcards Preview

AWS 2018 - By Service Section - FAQs > Amazon Elastic Container Registry | Security > Flashcards

Flashcards in Amazon Elastic Container Registry | Security Deck (3)
Loading flashcards...
1
Q

Does Amazon ECR support the Open Container Initiative (OCI) format?

Security

Amazon Elastic Container Registry | Compute

A

Yes. Amazon ECR is compatible with the Open Container Initiative (OCI) image specification letting you push and pull OCI images. Amazon ECR can also translate between Docker Image Manifest V2, Schema 2 images and OCI images on pull.

2
Q

How does Amazon ECR help ensure that container images are secure?

Security

Amazon Elastic Container Registry | Compute

A

Amazon ECR automatically encrypts images at rest using S3 server side encryption and transfers your container images over HTTPS. You can configure policies to manage permissions and control access to your images using AWS Identity and Access Management (IAM) users and roles without having to manage credentials directly on your EC2 instances.

3
Q

How can I use AWS Identity and Access Management for permissions?

Security

Amazon Elastic Container Registry | Compute

A

You can use IAM resource-based policies to control and monitor who and what (e.g., EC2 instances) can access your container images as well as how, when, and where they can access them. To get started, use the Management Console to create resource-based policies for your repositories. Alternatively, you can use sample policies and attach them to your repositories via the Amazon ECR CLI.

Decks in AWS 2018 - By Service Section - FAQs Class (744):