(CDK-ECR): (ECR repositories should have at least one lifecycle policy configured) #25078

Closed
niraj-khandelwal opened this issue Apr 12, 2023 · 3 comments
Labels
@aws-cdk/aws-ecr Related to Amazon Elastic Container Registry effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1

Comments

@niraj-khandelwal

Describe the bug

We have migrated our 140 accounts to AWS CDK.

As a company policy, we follow AWS security best practices, and as part of that we have enabled the Security Hub standard AWS Foundational Security Best Practices v1.0.0.

The Security Hub standard shows the finding "ECR repositories should have at least one lifecycle policy configured".

ECR created by CDK is showing this finding across all accounts.

Requesting you to fix that.

Expected Behavior

ECR repositories created by CDK should follow the AWS-defined security standard and should have a lifecycle policy configured.

Current Behavior

ECR repositories do not have a lifecycle policy configured.

Reproduction Steps

NA

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.69.0

Framework Version

No response

Node.js Version

NA

OS

Linux

Language

Python

Language Version

Python 3.9

Other information

No response

@niraj-khandelwal niraj-khandelwal added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 12, 2023
@github-actions github-actions bot added the @aws-cdk/aws-ecr Related to Amazon Elastic Container Registry label Apr 12, 2023
@pahud
Contributor

pahud commented Apr 12, 2023

Thank you for your report. I am leaving this feature request open as p2 and welcome community upvotes to help us prioritize. At this moment, I believe you can simply use addLifeCycleRule() for all your ECR repos.

And, migrating 140 accounts to AWS CDK is awesome! Thanks for letting us know.

@pahud pahud added p2 feature-request A feature should be added or improved. effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. bug This issue is a bug. labels Apr 12, 2023
@rix0rrr
Contributor

rix0rrr commented Apr 13, 2023

Interesting you should bring this up. This was I believe just fixed here, released in v2.72.0.

@pahud pahud added p1 and removed p2 labels Apr 13, 2023
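
An added example, not part of the original thread or the CDK project's code: a check that can run over `cdk synth` output before deployment and lists the `AWS::ECR::Repository` resources that would trigger the Security Hub finding discussed above. The function name `repos_without_lifecycle_policy` and the sample template are constructed for illustration.

```python
import json

# Constructed sample: a trimmed synthesized template, not taken from the issue.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "AppRepo": {
            "Type": "AWS::ECR::Repository",
            "Properties": {"LifecyclePolicy": {"LifecyclePolicyText": json.dumps({
                "rules": [{
                    "rulePriority": 1,
                    "selection": {"tagStatus": "any",
                                  "countType": "imageCountMoreThan",
                                  "countNumber": 20},
                    "action": {"type": "expire"},
                }]
            })}},
        },
        # Repository synthesized without any lifecycle rule.
        "LegacyRepo": {"Type": "AWS::ECR::Repository"},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
})


def repos_without_lifecycle_policy(template_text):
    """Return sorted logical IDs of ECR repositories with no lifecycle rule."""
    template = json.loads(template_text)
    missing = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::ECR::Repository":
            continue
        policy = (resource.get("Properties") or {}).get("LifecyclePolicy") or {}
        text = policy.get("LifecyclePolicyText")
        if isinstance(text, str):
            try:
                has_rules = bool(json.loads(text).get("rules"))
            except (ValueError, AttributeError):
                has_rules = False  # unparsable or non-object policy text
        else:
            # A dict here is an intrinsic function (e.g. Fn::Sub); it cannot be
            # evaluated offline, so it is treated as configured.
            has_rules = bool(text)
        if not has_rules:
            missing.append(logical_id)
    return sorted(missing)


if __name__ == "__main__":
    print(repos_without_lifecycle_policy(SAMPLE_TEMPLATE))
```
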