Amazon ECR now supports managed container image signing

Amazon ECR now supports managed container image signing to enhance your security posture and eliminate the operational overhead of setting up signing. Container image signing allows you to verify that images are from trusted sources. With managed signing, ECR simplifies setting up container image signing to just a few clicks in the ECR Console or a single API call.

To get started, create a signing rule with an AWS Signer signing profile that specifies parameters such as signature validity period, and which repositories ECR should sign images for. Once configured, ECR automatically signs images as they are pushed using the identity of the entity pushing the image. ECR leverages AWS Signer for signing operations, which handles key material and certificate lifecycle management including generation, secure storage, and rotation. All signing operations are logged through CloudTrail for full auditability.

ECR managed signing is available in all AWS Regions where AWS Signer is available. To learn more, visit the documentation.

Source: Amazon Web Services


