aws-security-reference-architecture-examples

[FEATURE] Amazon Inspector ECR re-scan settings - allow for more options

Open joegajeckyj opened this issue 5 months ago • 1 comments

Is your feature request related to a problem? Please describe

Currently only able to set the re-scan duration for inspector to LIFETIME|DAYS_30|DAYS_180

params.update(parameter_pattern_validator("ECR_SCAN_DURATION", os.environ.get("ECR_SCAN_DURATION"), pattern=r"^(LIFETIME|DAYS_30|DAYS_180){1}$"))

Describe the solution you'd like

Allow all the selections that the API accepts i.e.

response = client.update_configuration(
    ec2Configuration={
        'scanMode': 'EC2_SSM_AGENT_BASED'|'EC2_HYBRID'
    },
    ecrConfiguration={
        'pullDateRescanDuration': 'DAYS_14'|'DAYS_30'|'DAYS_60'|'DAYS_90'|'DAYS_180',
        'rescanDuration': 'LIFETIME'|'DAYS_30'|'DAYS_180'|'DAYS_14'|'DAYS_60'|'DAYS_90'
    }
)

Describe alternatives you've considered

We have set to 30 for now while we await the ability to set lower.

Additional context

Parameter setting in sra-inspector-org-main-ssm.json: { "ParameterKey": "pEcrRescanDuration", "ParameterValue": "LIFETIME" }

joegajeckyj May 08 '25 12:05
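
A sketch of the widened validation this request asks for, as an added example that is not part of the original issue or the project's code. `validate_param` is a hypothetical stand-in for `parameter_pattern_validator`, `ECR_PULL_DATE_SCAN_DURATION` is an assumed variable name, and the allowed values are the ones in the API signature quoted in the issue (`LIFETIME` is valid for `rescanDuration` but not for `pullDateRescanDuration`).

```python
import re
from typing import Mapping, Optional

# Allowed values copied from the update_configuration signature quoted in the issue.
RESCAN_PATTERN = r"LIFETIME|DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180"
PULL_DATE_PATTERN = r"DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180"  # no LIFETIME here


def validate_param(name: str, value: Optional[str], pattern: str) -> dict:
    """Hypothetical stand-in for the project's parameter_pattern_validator."""
    if not value:
        raise ValueError(f"'{name}' parameter is missing.")
    # fullmatch is stricter than ^...$ with re.match: '$' also matches just
    # before a trailing newline, so "DAYS_30\n" would slip through.
    if re.fullmatch(pattern, value) is None:
        raise ValueError(f"'{name}' value {value!r} does not match {pattern}.")
    return {name: value}


def build_ecr_configuration(env: Mapping[str, str]) -> dict:
    """Validate the environment and return the ecrConfiguration argument."""
    params: dict = {}
    params.update(
        validate_param("ECR_SCAN_DURATION", env.get("ECR_SCAN_DURATION"), RESCAN_PATTERN)
    )
    ecr = {"rescanDuration": params["ECR_SCAN_DURATION"]}

    # Assumed optional variable; the issue does not name one for this field.
    pull = env.get("ECR_PULL_DATE_SCAN_DURATION")
    if pull is not None:
        params.update(validate_param("ECR_PULL_DATE_SCAN_DURATION", pull, PULL_DATE_PATTERN))
        ecr["pullDateRescanDuration"] = params["ECR_PULL_DATE_SCAN_DURATION"]
    return ecr


if __name__ == "__main__":
    # Constructed sample environment; no AWS call is made.
    sample = {"ECR_SCAN_DURATION": "DAYS_14", "ECR_PULL_DATE_SCAN_DURATION": "DAYS_60"}
    print(build_ecr_configuration(sample))
```

The returned dictionary is shaped to be passed as `ecrConfiguration=` to the `update_configuration` call quoted in the issue.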