Skip to main content
Amazon Elastic Container Registry (ECR) is AWS’s managed Docker container registry. CybeDefend integrates with ECR to scan your container images using AWS IAM authentication.

CybeDefend Configuration

FieldDescriptionExample
AWS Account ID (12 digits)Your 12-digit AWS account ID123456789012
AWS RegionAWS region where your ECR is locatedUS East (N. Virginia) (us-east-1)
Access Key IDAWS IAM access key IDAKIAIOSFODNN7EXAMPLE
Secret Access KeyAWS IAM secret access keywJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DescriptionOptional description for the registryProduction ECR registry

How to Create IAM Credentials for ECR

1

Access AWS Console

Go to AWS Console → IAMUsersCreate user
2

Attach Policy

Attach the policy AmazonEC2ContainerRegistryReadOnly (or AmazonEC2ContainerRegistryFullAccess for write access)
3

Create Access Key

Go to Security credentialsCreate access key → Select Application running outside AWS
4

Copy Credentials

Copy the Access Key ID and Secret Access Key and paste them in CybeDefend
The Secret Access Key is only displayed once when created. Make sure to copy it immediately before closing the dialog.

Security Best Practices

Use IAM Policies

Use AmazonEC2ContainerRegistryReadOnly for minimal permissions required.

Rotate Keys Regularly

Rotate access keys every 90 days as recommended by AWS security best practices.

Never Commit Keys

Store credentials in environment variables or AWS Secrets Manager.

Use IAM Roles

Prefer IAM roles over access keys when running in AWS environments.

Troubleshooting

  • Verify Access Key ID and Secret Access Key are correct
  • Check if the credentials have expired or been deactivated
  • Ensure the IAM user has the required permissions
  • Verify the selected region matches your ECR repository region
  • ECR repositories are region-specific