ECR – kevwells.com

HOME
Skills & Experience
Current Threats & Trends
Articles
- Automation & MonitoringStreamline operations with Ansible workflows, logging pipelines, and proactive monitoring.
- Backups & DRProtect data and maintain continuity with resilient backup and recovery strategies.
- Cloud SecurityDefend AWS and hybrid environments with strong identity, policy, and monitoring controls.
- Identity & Access Management (IAM)Secure access with SSH keys, sudo, PAM, and cloud IAM roles.
- System HardeningSecure Linux systems through patching, CIS benchmarks, and OS lockdown.
- Tools & CheatsheetsPractical quick-reference guides for Linux and cloud security administrators.
Resources
About
Contact

Container security on AWS: ECR, least-privilege, runtime basics

August 20, 2025September 2, 2025 by Admin

Last updated: 20 Aug 2025 Short version: Scan images in ECR, use immutable tags, assign least-privilege roles to tasks/pods, keep roots read-only, and send logs/metrics to CloudWatch. 1) ECR hygiene Enable image scanning and lifecycle policies (expire old tags). Use immutable tags (no latest); pin digests in deployments. 2) IAM & secrets ECS: task roles … Read more