ECR Scanning using IAM Roles
AWS ECR - IAM Roles
When the NeuVector containers are deployed in AWS, and an EC2 instance is assigned a role of "EC2 Container Registry" Read Access, the AWS ECR registry can be scanned without an Access Key and Secret Key.
Here is how to create an AWS role and assign it to the node.
Select the Instance
Note that the IAM role is either blank or does not include the ECR role.
Attach a Role
Select Actions -> Instance Settings -> Attach/Replace IAM Role
If you have not previously created the ECR role, click Create New IAM Role. Enter the role name.
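The same role creation and attachment from the AWS CLI, as an added example that is not part of the NeuVector documentation. The role name neuvector-ecr-read and the instance ID argument are placeholders, and the AWS managed policy AmazonEC2ContainerRegistryReadOnly is assumed to be the "EC2 Container Registry" read access referred to above.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps.
# Pass the instance ID as the first argument; DRY_RUN=1 prints the commands only.
set -eu

ROLE_NAME="${ROLE_NAME:-neuvector-ecr-read}"  # placeholder name, also used for the profile
# Assumption: this AWS managed policy is the ECR read access the role needs.
POLICY_ARN="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# $1 = ID of the EC2 instance (node) running the NeuVector containers.
attach_ecr_read_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  # The console creates the instance profile implicitly; the CLI needs it spelled out.
  run aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  run aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
  run aws iam wait instance-profile-exists --instance-profile-name "$ROLE_NAME"
  # associate-* fails if a profile is already attached (the "blank" case is assumed here).
  run aws ec2 associate-iam-instance-profile --instance-id "$1" \
    --iam-instance-profile "Name=$ROLE_NAME"
  # Check: the association should list the new profile for this instance.
  run aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$1"
}

if [ "$#" -ge 1 ]; then attach_ecr_read_role "$1"; fi
```

Run it with DRY_RUN=1 first to review the exact commands before any IAM change is made.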