Policy: AWS > ECR > Private Registry > Scanning Configuration

Define the Scanning Configuration settings required for AWS > ECR > Private Registry.

The Scanning configuration determines the type of scanning performed on the contents of repositories.

Note: Enforcing Basic or Enhanced Scanning on a Private Registry via this control with AWS > ECR > Private Registry > Scanning Configuration > * policies set to an empty array ([]) will remove all existing Scanning Configuration filters on the Private Registry.

Resource Types

This policy targets the following resource types:

AWS > ECR > Private Registry

Controls

AWS > ECR > Private Registry > Scanning Configuration

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Basic Scanning Enabled` `Check: Enhanced Scanning Enabled` `Enforce: Enable Basic Scanning` `Enforce: Enable Enhanced Scanning`
Examples [YAML]	`Check: Basic Scanning Enabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration

GraphQL

query policyType(id: "tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-ecr#/policy/types/privateRegistryScanningConfiguration"