To configure or activate ECR enhanced scanning with the AWS CDK, follow the steps below:
Install the necessary AWS CDK dependencies and set up your project.
In your code editor, import the necessary libraries:
import { RemovalPolicy } from '@aws-cdk/core';
import { CfnRepository, Repository } from '@aws-cdk/aws-ecr';
import { Effect, PolicyStatement, ServicePrincipal } from '@aws-cdk/aws-iam';
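// Create the repository with scan-on-push enabled. `imageScanOnPush` is the
// construct-level property for this setting, so the repository does not have to
// be reached through `node.defaultChild` and cast to CfnRepository.
// NOTE(review): a per-repository scan-on-push flag does not choose the scan type.
// Enhanced scanning (Amazon Inspector) is selected in the registry-level scanning
// configuration; confirm which scan type the account's registry actually uses.
const ecrRepository = new Repository(this, 'ECRRepositoryName', {
  repositoryName: 'example_repository_name',
  // DESTROY asks CloudFormation to delete the repository with the stack; use
  // RETAIN instead if the images must outlive the stack.
  removalPolicy: RemovalPolicy.DESTROY,
  imageScanOnPush: true,
});

// Resource (repository) policy granting the ECR service principal read/pull
// actions plus the ability to change the scan configuration.
// NOTE(review): scan-on-push is a repository setting and does not by itself need
// a resource policy; confirm this grant is required before keeping it, and trim
// it to the actions that are. `ecr:PutImageScanningConfiguration` lets the
// principal alter the scan setting, and `ecr:GetAuthorizationToken` is a
// registry-level action rather than a repository-scoped one.
ecrRepository.addToResourcePolicy(
  new PolicyStatement({
    effect: Effect.ALLOW,
    principals: [new ServicePrincipal('ecr.amazonaws.com')],
    actions: [
      'ecr:DescribeImages',
      'ecr:DescribeRepositories',
      'ecr:ListImages',
      'ecr:GetAuthorizationToken',
      'ecr:BatchCheckLayerAvailability',
      'ecr:GetDownloadUrlForLayer',
      'ecr:BatchGetImage',
      'ecr:PutImageScanningConfiguration',
    ],
  }),
);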
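Note: Make sure you have sufficient permissions to create an ECR repository and to add the required policy statements. Also note that the scan-on-push setting shown above is a per-repository flag; whether images are scanned with basic or enhanced scanning is decided by the registry-level scanning configuration, so check that setting if enhanced scanning is what you need.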