Deny execution of non-compliant images on EKS using AWS Security Hub and ECR
As applications are modernized, they are increasingly built as microservices packaged in containers. Development moves fast, and a single security gap that reaches production can expose the application and the business behind it. The shift-left practice in DevSecOps aims to surface vulnerabilities long before deployment rather than after an incident. In this section, we will learn how to automate a solution that denies the creation of EKS resources that use non-compliant container images. The following diagram shows the flow of the solution and how its components integrate with each other:
The preceding diagram illustrates the following steps:
- Whenever a developer builds an image and pushes it to ECR, ECR will scan the image. The scanning of the image takes place on either image...
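The decision that sits at the end of this flow, an image is either compliant or it is not, and a Pod using a non-compliant image is refused, can be shown in a few lines of Python. The following is an added example written for this section, not code from the original page or from AWS. It assumes that the enforcement point is a validating admission webhook receiving Kubernetes `AdmissionReview` requests (a hypothetical choice; the page's own wiring through Security Hub is not reproduced here), that the policy is "no CRITICAL or HIGH findings" (a hypothetical threshold), and it uses a constructed `SCAN_RESULTS` table shaped like the output of `ecr.describe_image_scan_findings()` so that it runs offline. The finding names are placeholders, not real CVE identifiers.

```python
"""Decide image compliance from ECR scan output and deny non-compliant Pods.

Added example (not the page's or AWS's code). Hypothetical assumptions:
- enforcement happens in a validating admission webhook for Pods;
- policy: any CRITICAL or HIGH finding makes an image non-compliant;
- SCAN_RESULTS is constructed sample data in the shape returned by
  boto3's ecr.describe_image_scan_findings(); finding names are placeholders.
"""
import json
from typing import Dict, List

# Hypothetical policy threshold.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"

# Constructed sample scan results, keyed by the image reference a Pod uses.
SCAN_RESULTS: Dict[str, dict] = {
    f"{REGISTRY}/app:1.0.0": {
        "imageScanStatus": {"status": "COMPLETE"},
        "imageScanFindings": {
            "findingSeverityCounts": {"HIGH": 1, "MEDIUM": 2},
            "findings": [
                {"name": "FINDING-A", "severity": "HIGH"},
                {"name": "FINDING-B", "severity": "MEDIUM"},
                {"name": "FINDING-C", "severity": "MEDIUM"},
            ],
        },
    },
    f"{REGISTRY}/app:1.1.0": {
        "imageScanStatus": {"status": "COMPLETE"},
        "imageScanFindings": {
            "findingSeverityCounts": {"LOW": 1},
            "findings": [{"name": "FINDING-D", "severity": "LOW"}],
        },
    },
    f"{REGISTRY}/app:2.0.0-rc1": {
        # Scan still running: no verdict is available yet.
        "imageScanStatus": {"status": "IN_PROGRESS"},
        "imageScanFindings": {"findings": []},
    },
}


def blocking_findings(scan: dict) -> List[str]:
    """Names of findings whose severity violates the policy."""
    findings = scan.get("imageScanFindings", {}).get("findings", [])
    return [f["name"] for f in findings if f.get("severity") in BLOCKING_SEVERITIES]


def image_verdict(image: str) -> str:
    """Return "" if the image may run, otherwise the reason to deny it.

    Fails closed: an image with no scan record (not in ECR, never scanned)
    or whose scan has not completed is treated as non-compliant.
    """
    scan = SCAN_RESULTS.get(image)
    if scan is None:
        return f"{image}: no ECR scan result"
    status = scan.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        return f"{image}: scan status is {status}, not COMPLETE"
    bad = blocking_findings(scan)
    if bad:
        return f"{image}: blocking findings {', '.join(bad)}"
    return ""


def pod_images(pod: dict) -> List[str]:
    """Every image a Pod would pull, including init and ephemeral containers."""
    spec = pod.get("spec", {})
    images: List[str] = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        images.extend(c["image"] for c in spec.get(key, []))
    return images


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response for a Pod CREATE request."""
    req = admission_review["request"]
    reasons = [r for r in (image_verdict(i) for i in pod_images(req["object"])) if r]
    response = {"uid": req["uid"], "allowed": not reasons}
    if reasons:
        response["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def sample_request(uid: str, *images: str) -> dict:
    """Constructed AdmissionReview request for a Pod with the given images."""
    containers = [{"name": f"c{i}", "image": img} for i, img in enumerate(images)]
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "object": {"kind": "Pod", "spec": {"containers": containers}}}}


if __name__ == "__main__":
    print(json.dumps(review(sample_request("req-1", f"{REGISTRY}/app:1.0.0")), indent=2))
    print(json.dumps(review(sample_request("req-2", f"{REGISTRY}/app:1.1.0")), indent=2))
```

The important design choice is that `image_verdict` fails closed: an image that ECR has not finished scanning, or that was never pushed to ECR at all, is denied with an explicit reason rather than waved through. A real webhook would replace the `SCAN_RESULTS` lookup with a call to `describe_image_scan_findings` (or read the findings forwarded to Security Hub) and should also enforce a webhook `failurePolicy` of `Fail`, so that an outage of the checker does not silently disable the control.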