top of page
< Back

AWS Foundational Security Best Practice

ECR.2

ECR private repositories should have tag immutability configured

Severity

Cloud Platforms

Resources

MEDIUM

AWS

Amazon Elastic Container Registry

This control checks whether a private ECR repository has tag immutability configured. This control fails if a private ECR repository has tag immutability disabled. This rule passes if tag immutability is configured and has the value IMMUTABLE

bottom of page