Configure integration for Amazon Elastic Container Registry (ECR)

When you connect to the ECR integration, ensure that the us-east-2 region is activated. This is required for the STS (Security Token Service) to work properly. For more information, see the related support article.

This page explains how to enable integration between one Amazon ECR registry and a Snyk Organization and start managing your image security. To integrate with multiple registries, create a unique Organization for each one.

Automated integration process for ECR

You can establish cross-account access to enable Snyk's Amazon ECR integration as a one-click deployment using an AWS Quick Start, This eliminates the need for manual configuration.

You must have your Snyk Organization ID and AWS IAM role ARN to complete the integration. The role ARN is provided in the AWS CloudFormation Console's Output tab.

Manual integration process for ECR

To enable integration, you must first create a read-only AWS Identity and Access Management (IAM) role. The role delegates read-only access to all repositories in your registry for Snyk per Organization by indicating the list of permitted Snyk-assigned Organization IDs.

After you create the IAM role, when integrating additional organizations, you can add the additional Organization IDs as needed.

PreviousAdd more Organizations to your AWS IAM role for Snyk authentication NextAmazon Elastic Container Registry (ECR) - configure your integration with Snyk

Last updated 3 months ago

Was this helpful?