Identify vulnerabilities and security issues in container images.

ECR provides integrated image scanning capabilities to help you identify vulnerabilities and security issues in your container images. It uses the Common Vulnerabilities and Exposures (CVE) database to detect known vulnerabilities and provides actionable insights to remediate them.

Published Dec 1, 2023

Prerequisites:

To get started with AWS ECR, you need:
  • An AWS account.
  • The aws-cli installed on your local system, server, VM or EC2 instance.
  • An IAM user with permissions for ECR.
  • An ECR repository, and aws-cli configured with the IAM user's credentials.
  • A Dockerfile to build the Docker image that will be scanned.

In this hands-on lab we will cover:

  • How to use the private Docker registry AWS ECR (Elastic Container Registry)
  • How to create a repository on AWS ECR
  • How to authenticate to AWS ECR
  • How to push private images to AWS ECR
  • How to pull private images from AWS ECR

To scan Docker images using Amazon Elastic Container Registry (ECR), follow these step-by-step instructions:

AWS CLI installation:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
Docker installation (Amazon Linux 2):
sudo amazon-linux-extras install docker
sudo service docker start
(Add your user to the docker group, then log out and log back in again to pick up the new group permissions.)

Create an ECR repository and configure aws-cli with IAM credentials
IAM > Users > Create user

Create an access key and secret key, download them, and store them securely.

Set up an ECR repository:

  • Go to the Amazon ECR service in the AWS Management Console.
  • Click on “Create repository” and provide a name for your repository.
  • Configure the repository settings, such as access permissions, lifecycle policy, and encryption options.
  • Click on “Create repository” to complete the setup (Amazon ECR > Repositories > Create repository).
Click “View push commands” for the repository to see the build, tag, login and push commands used below.

Create a Dockerfile and build a Docker image to scan:

Create the Dockerfile (touch Dockerfile, then open it with nano Dockerfile) and add the following content:
FROM public.ecr.aws/docker/library/ubuntu:18.04
# Install apache
RUN apt-get update && \
    apt-get -y install apache2
# Write a hello world page
RUN echo 'Hello World!' > /var/www/html/index.html
# Configure apache: a start script that loads the env vars and runs apache in the foreground
RUN echo '. /etc/apache2/envvars' > /root/run_apache.sh && \
    echo 'mkdir -p /var/run/apache2' >> /root/run_apache.sh && \
    echo 'mkdir -p /var/lock/apache2' >> /root/run_apache.sh && \
    echo '/usr/sbin/apache2 -D FOREGROUND' >> /root/run_apache.sh && \
    chmod 755 /root/run_apache.sh
CMD /root/run_apache.sh
Build the image from the directory containing the Dockerfile, then tag it for your ECR registry:
docker build -t ecr .
docker tag ecr:latest 557822060553.dkr.ecr.us-east-1.amazonaws.com/ecr:latest
Before pushing the container image, configure the AWS CLI with the IAM credentials you created:
aws configure
Retrieve an authentication token and authenticate your Docker client to your registry using the AWS CLI:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 557822060553.dkr.ecr.us-east-1.amazonaws.com
Run the following command to push this image to your newly created AWS repository:
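Once the image is pushed and ECR has scanned it, the findings come back as JSON from `aws ecr describe-image-scan-findings`. The following added example (not code from the original post) reads that output, counts findings per severity, lists the CVE ids worth fixing first, and fails a pipeline when anything at or above a chosen severity is present; the repository name `ecr` and tag `latest` follow the tutorial, and the embedded sample findings are constructed, with placeholder CVE ids.

```python
import json
import subprocess
from collections import Counter

# Severity labels ECR basic scanning reports, most severe first.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNDEFINED"]


def fetch_scan_findings(repository, tag, region="us-east-1"):
    """Call the AWS CLI and return the parsed describe-image-scan-findings JSON."""
    cmd = ["aws", "ecr", "describe-image-scan-findings",
           "--repository-name", repository, "--image-id", f"imageTag={tag}",
           "--region", region, "--output", "json"]
    return json.loads(subprocess.check_output(cmd))


def summarize_findings(result):
    """Count findings per severity, returning every severity level (0 if absent)."""
    findings = result.get("imageScanFindings", {}).get("findings", [])
    counts = Counter(f.get("severity", "UNDEFINED") for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def worst_findings(result, fail_on="HIGH"):
    """CVE ids at or above fail_on, so the pipeline log says what to fix first."""
    blocked = set(SEVERITY_ORDER[: SEVERITY_ORDER.index(fail_on) + 1])
    findings = result.get("imageScanFindings", {}).get("findings", [])
    return sorted(f["name"] for f in findings if f.get("severity") in blocked)


def scan_gate(result, fail_on="HIGH"):
    """True only if the scan finished and nothing at or above fail_on was found."""
    if result.get("imageScanStatus", {}).get("status") != "COMPLETE":
        return False  # an unfinished or failed scan must not pass as clean
    return not worst_findings(result, fail_on)


# Constructed sample shaped like the CLI output; the CVE ids are placeholders.
SAMPLE_RESULT = {
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findings": [
        {"name": "CVE-0000-0001", "severity": "HIGH", "uri": "https://example.invalid/1"},
        {"name": "CVE-0000-0002", "severity": "MEDIUM", "uri": "https://example.invalid/2"},
        {"name": "CVE-0000-0003", "severity": "LOW", "uri": "https://example.invalid/3"},
    ]},
}

if __name__ == "__main__":
    result = fetch_scan_findings("ecr", "latest")  # repository and tag from this tutorial
    print(summarize_findings(result), worst_findings(result))
    raise SystemExit(0 if scan_gate(result) else 1)
```

Expect a large number of findings for an ubuntu:18.04 base image; moving to a supported base image is the usual first remediation before chasing individual CVEs.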