Can you configure Amazon ECR containers to be immutable?


Is there a way to configure Amazon ECR containers so that they can't be changed once they're created? Here are our requirements:

  • Containers can't be changed after their built.
  • Containers can't receive updates.
  • Changes in the containerized application must require the building and deployment of a new container image.
  • Runtime data and configurations must be stored outside of the container environment.
asked 3 years ago306 views
1 Answer
Accepted Answer

Yes, you can configure Amazon ECR containers to be immutable. Amazon ECR uses resource-based permissions to control access to repositories. The resource-based permissions let you specify which IAM users or roles have access to a repository and what actions they can perform on it. By default, only the repository owner has access to a repository.

For more information, see Repository policies and Image tag mutability in the Amazon ECR user guide.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions