Custom Amazon SageMaker container registration and deployment tracking

0

My customer asks that:

  • Container images must be registered and deployments tracked

  • Containers must be registered within a private customer-owned registry prior to deployment

  • Only registered containers are to be deployed.

  • Part of the registration process must include verification that the containers have come from a trusted source and that they have been scanned and found to be free of malware and vulnerabilities.

  • An inventory of all deployed containers must be maintained at all times.

  • The inventory must include:
      • Software installed within the container, version of all software and patch level
      • Where the container has been deployed
      • Owner of the container

Do we do any of these? Please provide documentation on AWS/SageMaker vs custom container provider's responsibilities.

EXPERT
asked 3 years ago, 339 views
1 Answer
0
Accepted Answer

Amazon Elastic Container Registry (Amazon ECR) enables customers to store images, secure their images using AWS Identity and Access Management (IAM), and scan their containers for vulnerabilities. Open Policy Agent (OPA) is an open-source project focused on codifying policy such as the approved image registries. OPA is integrated with Kubernetes via Gatekeeper, an admission controller that checks if the image is from an approved registry prior to allowing it to be deployed on the cluster. For more details see: https://aws.amazon.com/blogs/containers/designing-a-secure-container-image-registry

EXPERT
answered 3 years ago
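The approved-registry check described in the answer, sketched as an added Python example (not code from the answer, AWS, OPA or Gatekeeper). The account ID, region and function names are placeholders, and the rule that images must be pinned by digest is an assumption added here so that a tag cannot be repointed after the image was scanned.

```python
import re

# Assumed placeholder registry: account ID and region are not from the page.
APPROVED_REGISTRIES = {"123456789012.dkr.ecr.us-east-1.amazonaws.com"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def split_image(image):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = image.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry host only if it looks like one;
    # otherwise the reference resolves to the default public registry.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry, repo, tag, digest


def review(image, approved=APPROVED_REGISTRIES):
    """Return (allowed, reason) for one container image reference."""
    registry, repo, _tag, digest = split_image(image)
    # Compare the whole host; a string-prefix test on the reference would
    # also accept a lookalike host that merely starts with the approved name.
    if registry not in approved:
        return False, f"registry {registry} is not approved"
    if not repo:
        return False, "missing repository name"
    if not DIGEST_RE.match(digest):
        return False, "image must be pinned by sha256 digest"
    return True, "ok"


def review_pod(pod):
    """Check every container in a Pod manifest (dict); return denial messages."""
    spec = pod.get("spec", {})
    denials = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind, []):
            ok, reason = review(c.get("image", ""))
            if not ok:
                denials.append(f"{kind}/{c.get('name')}: {reason}")
    return denials


if __name__ == "__main__":
    # Constructed sample manifest: one unpinned public image.
    sample = {"spec": {"containers": [{"name": "web", "image": "nginx:latest"}]}}
    print(review_pod(sample))
```

The denial messages double as inventory input: each one names the container and the reason it was rejected.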
