Severity Framework: Snyk CCSS
Rule category: Availability / Replication
- Snyk ID SNYK-CC-00763
- credit Snyk Research Team
Description
Lack of replication configuration for AWS ECR private registries can lead to regional data unavailability and potential business continuity issues. Cross-region replication is essential to ensure that container images are available in multiple regions for failover and redundancy purposes. This also aids in reducing latency for global applications by having images stored closer to compute resources.
How to fix?
Set the region and registry_id attributes in the replication_configuration.rule.destination attribute in the aws_ecr_replication_configuration resource.
Example Configuration
data "aws_caller_identity" "current" {}

resource "aws_ecr_replication_configuration" "example" {
  replication_configuration {
    rule {
      destination {
        region      = "ap-northeast-3"
        registry_id = data.aws_caller_identity.current.account_id
      }
      destination {
        region      = "eu-west-2"
        registry_id = data.aws_caller_identity.current.account_id
      }
    }
  }
}
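
The following check is an added example, not Snyk's rule logic or code from this page: it walks a Terraform plan in the JSON form produced by `terraform show -json` and reports when no aws_ecr_replication_configuration resource exists or when a destination lacks region or registry_id. The function names, the sample plan and the account ID are constructed for illustration, and a value that is unknown at plan time (and therefore absent from the plan's planned values) is assumed to count as missing.

```python
# Constructed sample: a trimmed plan document in `terraform show -json` layout.
# Nested blocks appear as lists; the second destination omits registry_id on purpose.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [{
            "address": "aws_ecr_replication_configuration.example",
            "type": "aws_ecr_replication_configuration",
            "values": {"replication_configuration": [{"rule": [{"destination": [
                {"region": "ap-northeast-3", "registry_id": "111122223333"},
                {"region": "eu-west-2"},
            ]}]}]},
        }],
        "child_modules": [],
    }},
}

REQUIRED = ("region", "registry_id")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_ecr_replication(plan):
    """Return a list of findings; an empty list means the plan passes."""
    root = plan.get("planned_values", {}).get("root_module", {})
    configs = [r for r in iter_resources(root)
               if r.get("type") == "aws_ecr_replication_configuration"]
    if not configs:
        return ["no aws_ecr_replication_configuration resource in plan"]
    findings = []
    for res in configs:
        blocks = res.get("values", {}).get("replication_configuration") or []
        dests = [d for rc in blocks
                 for rule in rc.get("rule") or []
                 for d in rule.get("destination") or []]
        if not dests:
            findings.append(f"{res['address']}: no destination block")
        for i, dest in enumerate(dests):
            missing = [k for k in REQUIRED if not dest.get(k)]
            if missing:
                findings.append(
                    f"{res['address']}: destination[{i}] missing {', '.join(missing)}")
    return findings


if __name__ == "__main__":
    for finding in check_ecr_replication(SAMPLE_PLAN):
        print("FAIL", finding)
```
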