Terraform AWS ECR ECR repositories with image scanning, immutable tags, KMS encryption, lifecycle policies, repository policies, replication, and controlled push and pull access.
Controls enforced These compliance controls are checked at terraform plan time.
Quick start NIST Cybersecurity Framework v2.0 ACSC Essential Eight AWS Well-Architected Framework v10 FedRAMP Moderate Baseline Rev 4 NIST SP 800-53 Rev 5 PCI DSS v4.0 RBI IT Framework for NBFCs SOC 2
module "ecr" { source = "nistcsf.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "acscessentialeight.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "awswellarchitected.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "fedrampmoderate.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "nist80053.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "pcidss.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } module "ecr" { source = "soc2.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" # ... your arguments here } See the Get Started guide and Registry Endpoints for details on how to customize the module for your requirements.
Migration from upstream Already using terraform-aws-modules? Change only the source URL:
Before After
module "ecr" { source = "terraform-aws-modules/ecr/aws" version = "1.0" } module "ecr" { source = "soc2.compliance.tf/terraform-aws-modules/ecr/aws" version = "1.0" } Same arguments. Same outputs. Controls are checked at terraform plan. See the Migration Guide for step-by-step instructions.
Reversibility No lock-in. Switch back by reverting the source URL:
module "ecr" { source = "terraform-aws-modules/ecr/aws" } Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks NIST Cybersecurity Framework v2.0 ACSC Essential Eight AWS Well-Architected Framework v10 FedRAMP Moderate Baseline Rev 4 NIST SP 800-53 Rev 5 PCI DSS v4.0 RBI IT Framework for NBFCs SOC 2
ACSC-EE-ML3-6.4: Patch operating systems ML3
Infrastructure protection
RA-5: Vulnerability Scanning
SI-2(5): Automatic Software And Firmware Updates
11.3.1.2: External and internal vulnerabilities are regularly identified, prioritized, and addressed.
11.3.1.3: 3 Internal vulnerability scans are performed after any significant change
11.3.1.3: External and internal vulnerabilities are regularly identified, prioritized, and addressed.
11.3.1: External and internal vulnerabilities are regularly identified, prioritized, and addressed.
3.1.a Identification and Classification of Information Assets
CC7.1: To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.
Framework coverage Which controls from this module are active under each framework endpoint.
● enforced by default · ○ not activated by this endpoint
