
How to set up vulnerability scanning for Docker images in AWS ECR


In this article, we are going to set up vulnerability scanning for Docker images in AWS ECR.


Docker is an open-source platform that automates the deployment of applications inside software containers. Containers are lightweight, portable, and self-sufficient units that encapsulate all the dependencies required to run a software application, including the code, runtime, system tools, libraries, and settings. Docker uses containerization technology to package applications into containers, enabling developers to build, ship, and run applications consistently across different environments, such as development, testing, and production.


ECR is a fully managed Docker container registry service provided by Amazon Web Services. It allows you to store, manage, and deploy Docker container images securely. ECR is tightly integrated with other AWS services, particularly Amazon ECS and Amazon Elastic Kubernetes Service, making it easy to deploy containerized applications on AWS infrastructure.

If you would like to follow a video tutorial, please use our YouTube video.



  • AWS account.
  • AWS account with ECR Full access.
  • Basic knowledge about ECR and Docker.


  • Engineer


Go to the AWS console > open ECR > click Create repository.

Select private or public based on your requirements > give the ECR repository a name.

Enable scan on push, which scans the image for vulnerabilities when we push it to the repository > click Create repository.

Go to IAM > open Users > click Create user.

Give the user a name > click Next.

Click on Attach policies > attach the ECR Full access policy > click Next > Create user.

Open the user we created > go to Security credentials.

Scroll down and click Create access key.

Choose the use case based on your requirements > Next > Create access key.

These are the access key and secret access key. You can download the file if needed.

Go to the EC2 instance. I already created an instance; if you don't have one, you can create a new one. Open the instance.

Click on Connect.

Now install Docker by using the following command.

Start Docker.

Create a folder.

Write some content to a file to create it. Next, create a Dockerfile and open it in the vi editor.

In the Dockerfile, copy the file we created to the default path of nginx > save the file.

Next, we should configure the AWS credentials. Give the access key, secret key and region.

Go to the AWS console > open ECR > open the repository we created > click View push commands.

Copy the first command (the login command).

Paste the command in the instance command line.

Successfully logged in.

Copy the Docker build command.

Paste the command in the command line and press Enter.

Copy the tag command; this command tags the image for the repository.

Paste the command in the command line and press Enter.

Copy the push command; this command pushes the image to the repository.

Paste the push command in the command line and press Enter.

You can see that the image is pushed to the repository.

Tick the check box > click Details.

You can see that it scanned the image for vulnerabilities.
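
The console steps above as one script using the AWS CLI and Docker, extended with a gate that fails when the scan reports CRITICAL or HIGH findings. This is an added example, not the article's own commands: the account ID, region, repository name and tag are constructed placeholders, and the CRITICAL/HIGH threshold is an assumption.

```shell
#!/bin/sh
# Added example, not from the article. Constructed placeholder values:
# ACCOUNT_ID, REGION, REPO and TAG; override them through the environment.
set -eu
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"
REGION="${REGION:-us-east-1}"
REPO="${REPO:-demo-nginx}"
TAG="${TAG:-latest}"
# Registry host name used by the login, tag and push commands.
registry_host() {
  printf '%s.dkr.ecr.%s.amazonaws.com' "$1" "$2"
}

# CLI form of the "Scan on push" toggle, for a repository that already exists.
enable_scan_on_push() {
  aws ecr put-image-scanning-configuration --region "$REGION" \
    --repository-name "$REPO" --image-scanning-configuration scanOnPush=true
}

# Login, build, tag, push: the four "View push commands" steps.
push_image() {
  host=$(registry_host "$ACCOUNT_ID" "$REGION")
  aws ecr get-login-password --region "$REGION" |
    docker login --username AWS --password-stdin "$host"
  docker build -t "$REPO:$TAG" .    # Dockerfile in the current folder
  docker tag "$REPO:$TAG" "$host/$REPO:$TAG"
  docker push "$host/$REPO:$TAG"
}

# Wait for the scan, then return 1 if it reports CRITICAL or HIGH findings.
scan_gate() {
  aws ecr wait image-scan-complete --region "$REGION" \
    --repository-name "$REPO" --image-id imageTag="$TAG"
  counts=$(aws ecr describe-image-scan-findings --region "$REGION" \
    --repository-name "$REPO" --image-id imageTag="$TAG" --output text \
    --query 'imageScanFindings.findingSeverityCounts.[CRITICAL, HIGH]')
  for n in $counts; do
    case "$n" in
      None|0) ;;                       # severity absent or zero
      *) echo "blocking findings (CRITICAL HIGH): $counts" >&2; return 1 ;;
    esac
  done
}
# Run the whole procedure only when asked to: ./ecr-scan.sh --run
if [ "${1:-}" = "--run" ]; then
  enable_scan_on_push
  push_image
  scan_gate
fi
```

The non-zero exit status from `scan_gate` is what lets a build job stop before the image is deployed.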


Should you require help in performing the above steps, feel free to contact us at our email ID [email protected]

Website – www.easydeploy.io/contact-us
