AWS ECR Repository or Registry Policy Granted Public Access
A malicious actor or misconfigured legitimate user can modify an Amazon ECR repository or registry policy to grant public access using a wildcard principal (`Principal:"*"`), which can lead to the exfiltration of proprietary container images and embedded secrets, or facilitate supply-chain implantation if push permissions are also granted.
This threat involves the modification of an Amazon Elastic Container Registry (ECR) policy to grant public access, which can be performed by an attacker who has gained initial access to an AWS account or by an insider with appropriate permissions, or inadvertently by a legitimate user. The malicious activity specifically targets the SetRepositoryPolicy or PutRegistryPolicy API calls to include a policy document with an Allow effect for a wildcard principal ("*"), effectively opening the container registry to all identities, including unauthenticated users. This misconfiguration, once established, can lead to the exfiltration of sensitive, proprietary container images, including any embedded secrets, posing a significant data breach risk. Furthermore, if the public policy also permits push actions, an adversary can implant malicious container images into the registry, leading to a severe supply chain compromise when these backdoored images are subsequently deployed by downstream services such as AWS ECS, EKS, or Lambda workloads.
Attack Chain
- An attacker gains initial access to an AWS account through compromised credentials, insecure access keys, or by exploiting vulnerabilities in connected services.
- The attacker, leveraging the compromised credentials, executes an
ecr:SetRepositoryPolicyorecr:PutRegistryPolicyAPI call to modify an existing ECR repository or registry policy. - The API request includes a crafted policy document that sets an
Alloweffect for aPrincipalfield containing"*", thereby granting public access. - The ECR service successfully processes the policy update, making the specified repository or registry publicly accessible for
pullactions (e.g.,ecr:BatchGetImage,ecr:GetDownloadUrlForLayer). - The attacker, or any other unauthorized entity, can now pull proprietary container images from the ECR repository, leading to the exfiltration of intellectual property, sensitive configurations, and hardcoded secrets.
- (Optional) If the publicly exposed policy also grants
pushpermissions (e.g.,ecr:PutImage,ecr:UploadLayerPart), the attacker can push malicious or backdoored container images to the repository. - Downstream services and applications (e.g., AWS ECS tasks, EKS pods, Lambda functions) configured to pull images from this repository will then fetch and deploy the compromised images.
- This deployment leads to a supply chain compromise, allowing the attacker to execute arbitrary code, establish persistence, or further expand their presence within the victim's cloud environment.
Impact
The primary impact of public ECR access is the exfiltration of sensitive data, including proprietary source code, application configurations, and hardcoded secrets (such as API keys, database credentials) that are baked into container images. Organizations across all sectors utilizing AWS ECR are susceptible. If the policy permits push access, the impact escalates to a supply chain attack, where adversaries can inject malicious code into deployed applications, leading to widespread system compromise, data breaches, and potential operational disruption. This could affect numerous downstream services within an organization's cloud infrastructure, potentially compromising customer data or critical business processes.
Recommendation
- Deploy the Sigma rule "AWS ECR Repository or Registry Policy Granted Public Access" in this brief to your SIEM and tune for your environment, paying close attention to
aws.cloudtrail.user_identity.arnandaws.cloudtrail.user_identity.type. - Review AWS CloudTrail logs for
SetRepositoryPolicyorPutRegistryPolicyevents to identify any unauthorized or unintended policy changes. - Restrict
ecr:SetRepositoryPolicyandecr:PutRegistryPolicypermissions within your AWS accounts to only trusted administrators using AWS IAM policies. - Ensure that any publicly exposed ECR repositories identified by the Sigma rule are intentionally public, that the access is strictly pull-only, and that their contents do not contain any sensitive data.
- Regularly audit ECR repository policies for adherence to the principle of least privilege, specifically checking for
Principal:"*"statements.
Detection coverage 1
AWS ECR Repository or Registry Policy Granted Public Access
mediumDetects when an Amazon ECR repository or registry policy is modified to grant public access using a wildcard principal (Principal:"*") statement, indicating potential exfiltration or supply chain compromise risk.
Detection queries are available on the platform. Get full rules →