This integration enables the Amazon Elastic Container Registry (ECR) to automatically trigger a scan of every new container image that is pushed into the registry.
Log into your AWS Console and select ‘US East (N. Virginia) us-east-1’ from the ‘Select a Region’ dropdown on the top right.
For the purposes of this exercise we will be using AWS Region us-east-1.
Navigate to this CloudFormation template.
Click Next.
There are three items to update on this screen:
For ‘ScanningType’, make sure the default value of ‘Inline’ is selected.
For ‘SysdigSecureEndpoint’, enter the URL of your Sysdig Secure domain, i.e. one of the following:
https://secure.sysdig.com
https://eu1.app.sysdig.com
https://us2.app.sysdig.com
For ‘SysdigSecureAPIToken’, enter the ‘Sysdig Secure API Token’ for the Sysdig Secure account you created earlier. You can find it in your Sysdig Secure User Profile. (Note: please make sure you are logged into Sysdig Secure, and not Sysdig Monitor.)
Click ‘Next’. You will be presented with the ‘Configure stack options’ page.
Click ‘Next’ accepting the default configuration options.
Make sure you tick the box acknowledging that AWS CloudFormation might create IAM resources with custom names.
Click ‘Create stack’.
You can view the status of the deployment from the AWS CloudFormation screen.
This deployment will create a new AWS CodeBuild project that will automatically scan container images pushed to ECR registries.
To view your AWS CodeBuild projects, browse to Developer Tools > CodeBuild.
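
The same deployment can be scripted with the AWS CLI. The following is an added example, not code from Sysdig or from the workshop: the stack name, the `TEMPLATE_URL` variable (the S3 URL of the template linked above, which is not reproduced here) and the `SYSDIG_SECURE_*` variables are hypothetical names, and the token character set is an assumption.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps above.
# Hypothetical names: STACK_NAME, TEMPLATE_URL, SYSDIG_SECURE_ENDPOINT,
# SYSDIG_SECURE_API_TOKEN.
REGION="us-east-1"
STACK_NAME="${STACK_NAME:-sysdig-ecr-scanning}"

# Accept only the endpoints listed on this page, so the API token is never
# handed to a mistyped or look-alike host.
validate_endpoint() {
  case "$1" in
    https://secure.sysdig.com|https://eu1.app.sysdig.com|https://us2.app.sysdig.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumption: tokens contain only letters, digits, '.', '_' and '-'.
# Rejecting anything else also keeps the JSON below well-formed.
validate_token() {
  case "$1" in
    ""|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Write the three stack parameters to an owner-only file, so the token does
# not show up in the process list or in shell history.
write_params() {  # usage: write_params FILE ENDPOINT TOKEN
  validate_endpoint "$2" || { echo "endpoint not in allowed list: $2" >&2; return 1; }
  validate_token "$3" || { echo "API token is empty or malformed" >&2; return 1; }
  rm -f "$1"
  ( umask 077
    { printf '[\n  {"ParameterKey":"ScanningType","ParameterValue":"Inline"},\n'
      printf '  {"ParameterKey":"SysdigSecureEndpoint","ParameterValue":"%s"},\n' "$2"
      printf '  {"ParameterKey":"SysdigSecureAPIToken","ParameterValue":"%s"}\n]\n' "$3"
    } > "$1" )
}

deploy() {
  [ -n "${TEMPLATE_URL:-}" ] || { echo "set TEMPLATE_URL first" >&2; return 1; }
  params="$(mktemp)" || return 1
  # CAPABILITY_NAMED_IAM is the CLI form of the "IAM resources with custom
  # names" acknowledgement box in the console.
  write_params "$params" "${SYSDIG_SECURE_ENDPOINT:-}" "${SYSDIG_SECURE_API_TOKEN:-}" &&
    aws cloudformation create-stack --region "$REGION" --stack-name "$STACK_NAME" \
      --template-url "$TEMPLATE_URL" --parameters "file://$params" \
      --capabilities CAPABILITY_NAMED_IAM
  rc=$?
  rm -f "$params"
  return "$rc"
}

if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Run it with `deploy` as the first argument after exporting the three variables; without that argument it only defines the functions.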