Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/terraform_aws_compliance
Overview
69Dashboards
357Controls
357Queries
2Variables
GitHub
Loading controls...

Control: ECR repository tags should be immutable

Description

AWS ECR should have all tags be immutable - once a container is published, another image cannot assume the same tag.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.ecr_repository_tags_immutable

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.ecr_repository_tags_immutable --share

SQL

This control uses a named query:

ecr_repository_tags_immutable

Tags

category = Compliance
plugin = terraform
service = AWS/ECR
type = Benchmark