By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Custom Amazon SageMaker container registration and deployment tracking

0

My customer asks that:

  • Container images must be registered and deployments tracked

  • Containers must be registered within a private customer-owned registry prior to deployment

  • Only registered containers are to be deployed.

  • Part of the registration process must include verification the containers have comes from a trusted source and that they have been scanned and found to be free of malware and vulnerabilities.

  • An inventory of all deployed containers must be maintained at all times.

  • The inventory must include: Software installed within the container version of all software and patch level . Where the container has been deployed . Owner of the container

Do we do any of these? Please provide documentation on AWS/SageMaker vs custom container provider's responsibilities.

Topics
Machine Learning & AI
Tags
Amazon SageMaker
Language
English
EXPERT
Mahesh_V
asked 3 years ago330 views
1 Answer
0
Accepted Answer

Amazon Elastic Container Registry (Amazon ECR) enables customers to store images, secure their images using AWS Identity and Access Management (IAM), and scan their containers for vulnerabilities. Open Policy Agent (OPA) is an open-source project focused on codifying policy such as the approved image registries. OPA is integrated with Kubernetes via Gatekeeper, an admission controller that checks if the image is from an approved registry prior to allowing it to be deployed on the cluster. For more details see: https://aws.amazon.com/blogs/containers/designing-a-secure-container-image-registry

EXPERT
Mahesh_V
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content