
Configure AWS Elastic Container Registry

Provide credentials to access private ECR


Last updated 1 year ago

There are two options for configuring access to a private AWS ECR registry: CloudFormation Template and Configure Manually.

Manual Configuration

This option lets you enter the accountID, accessToken, secretkey and Region, which gives Lineaje access to your organization’s private ECR registry.

For security reasons, Lineaje recommends creating a new user with a cross-account role. Follow the steps below to create a new user:

  • Go to the AWS console and log in using your organization credentials

  • Navigate to Identity and Access Management (IAM) and click Users

  • Click Add users, then enter the user name

  • For the AWS credential type, select Access key - Programmatic access, then set permissions. You need to set two required permissions:

    • AmazonEC2ContainerRegistryFullAccess

    • AmazonElasticContainerRegistryPublicFullAccess

  • Skip the Tags tab

  • Continue through the Review tab

  • The final tab provides the access key ID and secret access key
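
The console steps above, expressed as AWS CLI calls, followed by a check that lists any managed policy attached to the new user beyond the two named in the steps. This is an added example, not Lineaje's own tooling; the user name is a caller-chosen placeholder, and the AWS CLI with IAM administration rights is assumed.

```bash
#!/usr/bin/env bash
# Added example, not Lineaje's own tooling. Requires the AWS CLI and IAM admin rights.

# Managed policies the steps above list as required.
ECR_POLICIES="
arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess
"

# Create the user, attach both policies, and print
# "<access key id><TAB><secret access key>". AWS returns the secret only once.
create_ecr_user() {
  user="$1"   # caller-chosen name (assumption; the page does not prescribe one)
  aws iam create-user --user-name "$user" >/dev/null || return 1
  for arn in $ECR_POLICIES; do
    aws iam attach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
  done
  aws iam create-access-key --user-name "$user" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Print every managed policy attached directly to the user that is NOT one of
# the two above. Empty output means nothing extra is attached. Inline and
# group-inherited policies are not covered by this call.
unexpected_policies() {
  attached=$(aws iam list-attached-user-policies --user-name "$1" \
    --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
  for arn in $attached; do
    known=no
    for want in $ECR_POLICIES; do
      if [ "$arn" = "$want" ]; then known=yes; fi
    done
    if [ "$known" = no ]; then echo "$arn"; fi
  done
}

# Usage (hypothetical user name):
#   create_ecr_user lineaje-ecr-scan
#   unexpected_policies lineaje-ecr-scan
```

Store the printed secret access key in a secrets manager rather than a shell history or ticket, since it cannot be retrieved from IAM again.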

IAM CloudFormation Template

The CloudFormation Template (CFT) option needs a CFT file to be uploaded.

  • Download the sample CFT file

  • Go to the AWS console and log in using your organization credentials

    • Go to the AWS sign-in page https://console.aws.amazon.com/cloudformation

    • Click the buttons Create Stack -> With New Resources

    • Leave the Prepare Template setting as-is

      • For Template source select Upload a template file

      • Click Choose file and select the CloudFormation template you downloaded and click Next

    • For Stack name use SBOM360-ECR-Permissions-Stack and click Next

    • For Configure Stack Options, configuring tags is recommended; tags are key-value pairs that help you identify your stacks and the resources they create. You do not need additional permissions or advanced options, so click Next.

    • For Review

      • Scroll down to the bottom of the page and select "I acknowledge that AWS CloudFormation might create IAM resources with custom names."

      • Click Create Stack

      • You will be taken to the CloudFormation stack status page, showing the stack creation in progress

        • Click on the Events tab and watch the CloudFormation events as they form the IAM Role

      • Click on the Outputs tab and copy the value of the EcrIntegrationRoleARN key

      • The value should look similar to the following: arn:aws:iam:/sbom360/SBOM360_ECR_Role

  • Upload the updated CFT in the configure step

  • Click Test Connection to test the connection against the credentials
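
The stack creation above, expressed as AWS CLI calls, with two checks on the resulting role before its ARN is handed over: that the output has the general IAM role ARN shape, and which AWS principals the role's trust policy allows to assume it. This is an added example, not Lineaje's own tooling; the template path is supplied by the caller, and the sample ARN in the usage comment is constructed.

```bash
#!/usr/bin/env bash
# Added example, not Lineaje's own tooling. Requires the AWS CLI.

STACK_NAME="SBOM360-ECR-Permissions-Stack"   # stack name from the steps above

# Create the stack from the downloaded template and print the
# EcrIntegrationRoleARN output once creation has finished.
deploy_ecr_stack() {
  template="$1"   # local path to the downloaded CFT file (caller-supplied)
  # CAPABILITY_NAMED_IAM is the CLI counterpart of the console checkbox
  # "CloudFormation might create IAM resources with custom names".
  aws cloudformation create-stack --stack-name "$STACK_NAME" \
    --template-body "file://$template" \
    --capabilities CAPABILITY_NAMED_IAM >/dev/null || return 1
  aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME" || return 1
  aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
    --query "Stacks[0].Outputs[?OutputKey=='EcrIntegrationRoleARN'].OutputValue" \
    --output text
}

# Succeed only if the argument has the general IAM role ARN shape:
# arn:aws:iam::<12-digit account id>:role/<optional path>/<role name>
is_role_arn() {
  printf '%s\n' "$1" | grep -Eq \
    '^arn:aws:iam::[0-9]{12}:role/([A-Za-z0-9+=,.@_-]+/)*[A-Za-z0-9+=,.@_-]+$'
}

# Print the AWS principals named in the role's trust policy, so the account
# allowed to assume the role can be reviewed before the ARN is shared.
role_trust_principals() {
  # get-role takes the role name without its path: the last ARN segment.
  aws iam get-role --role-name "${1##*/}" \
    --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.AWS' \
    --output text
}

# Usage (template path is a placeholder):
#   arn=$(deploy_ecr_stack ./downloaded-template.yaml)
#   is_role_arn "$arn" && role_trust_principals "$arn"
```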