Control: ECR private repositories should have tag immutability configured
This control checks whether a private ECR repository has tag immutability enabled. This control fails if a private ECR repository has tag immutability disabled. This rule passes if tag immutability is enabled and has the value IMMUTABLE.
Run the control in your terminal:
steampipe check aws_compliance.control.ecr_repository_tag_immutability_enabled
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.control.ecr_repository_tag_immutability_enabled
This control uses a named query:ecr_repository_tag_immutability_enabled