AWS ECR Repository or Registry Policy Granted Public Access
Detects when an Amazon ECR repository or registry policy is modified to grant public access using a wildcard principal (Principal:"") statement. This rule analyzes SetRepositoryPolicy and PutRegistryPolicy events whose policy document grants an Allow effect to a wildcard ("") principal, indicating that pull (and potentially push) permissions were extended to all identities, including unauthenticated users. A public container registry can expose proprietary images and any secrets baked into their layers, and, if push is allowed, enables supply-chain implantation. Public ECR access is sometimes intentional for image distribution, so the granting principal and the permissions should be validated.
Elastic rule (View on GitHub)
1[metadata]
2creation_date = "2026/06/29"
3integration = ["aws"]
4maturity = "production"
5updated_date = "2026/06/29"
6
7[rule]
8author = ["Elastic"]
9description = """
10Detects when an Amazon ECR repository or registry policy is modified to grant public access using a wildcard principal
11(Principal:"*") statement. This rule analyzes SetRepositoryPolicy and PutRegistryPolicy events whose policy document grants an Allow effect to a
12wildcard ("*") principal, indicating that pull (and potentially push) permissions were
13extended to all identities, including unauthenticated users. A public container registry can expose proprietary images
14and any secrets baked into their layers, and, if push is allowed, enables supply-chain implantation. Public ECR access
15is sometimes intentional for image distribution, so the granting principal and the permissions should be validated.
16"""
17false_positives = [
18 """
19 Repositories used to distribute public images may legitimately contain Principal:"*". This rule does not by itself
20 determine whether a Deny statement restricts the same access; review the full policy in
21 "aws.cloudtrail.request_parameters" and confirm the granted actions (pull-only versus push) and whether public
22 exposure is intended.
23 """,
24]
25from = "now-15m"
26interval = "10m"
27language = "esql"
28license = "Elastic License v2"
29name = "AWS ECR Repository or Registry Policy Granted Public Access"
30note = """## Triage and analysis
31
32### Investigating AWS ECR Repository or Registry Policy Granted Public Access
33
34This rule detects "SetRepositoryPolicy" or "PutRegistryPolicy" calls where the policy document grants an Allow effect to a wildcard ("*") principal, granting access to all identities. A public ECR repository allows anyone to pull its images, exposing proprietary code and any secrets embedded in image layers; if push actions are granted, an adversary can implant a malicious image that downstream ECS, EKS, or Lambda workloads then run.
35
36### Possible investigation steps
37
38- Identify the actor in "aws.cloudtrail.user_identity.arn" and "aws.cloudtrail.user_identity.type", and review "source.ip" and "user_agent.original" for an unexpected origin or tool.
39- Extract the policy from "aws.cloudtrail.request_parameters" and identify the granted actions; pull actions (BatchGetImage, GetDownloadUrlForLayer) expose images, while push actions (PutImage, UploadLayerPart) enable implantation.
40- Confirm whether a Deny statement restricts the same access, in which case the alert may be a false positive.
41- Determine which repository is affected and whether it contains sensitive images, and correlate with subsequent pull or push activity from external principals.
42
43### False positive analysis
44
45- Public image distribution legitimately uses Principal:"*". Confirm the exposure is intended, the actions are pull-only, and the granting principal is approved.
46
47### Response and remediation
48
49- If the exposure is unauthorized, restore a known-good policy or remove the public statement, and review for any external pulls or pushes since the change.
50- Rotate or restrict credentials for the principal if compromise is suspected, and restrict "ecr:SetRepositoryPolicy" and "ecr:PutRegistryPolicy" to trusted administrators.
51"""
52references = [
53 "https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_SetRepositoryPolicy.html",
54 "https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html",
55]
56risk_score = 47
57rule_id = "699fdfb9-8430-4dcb-b5a9-da67dae64808"
58setup = "This rule requires AWS CloudTrail logs ingested via the Elastic AWS integration. See https://docs.elastic.co/integrations/aws/cloudtrail for setup details."
59severity = "medium"
60tags = [
61 "Domain: Cloud",
62 "Data Source: AWS",
63 "Data Source: Amazon Web Services",
64 "Data Source: AWS ECR",
65 "Use Case: Threat Detection",
66 "Tactic: Exfiltration",
67 "Resources: Investigation Guide",
68]
69timestamp_override = "event.ingested"
70type = "esql"
71
72query = '''
73FROM logs-aws.cloudtrail-* METADATA _id, _version, _index
74| WHERE event.provider == "ecr.amazonaws.com"
75 AND event.action IN ("SetRepositoryPolicy", "PutRegistryPolicy")
76 AND event.outcome == "success"
77 AND (aws.cloudtrail.user_identity.type IS NULL OR aws.cloudtrail.user_identity.type != "AWSService")
78 AND aws.cloudtrail.request_parameters RLIKE """.*\"Effect\": *\"Allow\".*"""
79 AND (aws.cloudtrail.request_parameters RLIKE """.*\"Principal\": *\"\*\".*"""
80 OR aws.cloudtrail.request_parameters RLIKE """.*\"Principal\": *\{ *\"AWS\": *\"\*\".*""")
81| KEEP _id, _version, _index, @timestamp, aws.*, cloud.*, event.*, source.*, user.*, user_agent.*
82'''
83
84
85[[rule.threat]]
86framework = "MITRE ATT&CK"
87[[rule.threat.technique]]
88id = "T1537"
89name = "Transfer Data to Cloud Account"
90reference = "https://attack.mitre.org/techniques/T1537/"
91
92
93[rule.threat.tactic]
94id = "TA0010"
95name = "Exfiltration"
96reference = "https://attack.mitre.org/tactics/TA0010/"
97
98[rule.investigation_fields]
99field_names = [
100 "@timestamp",
101 "user.name",
102 "user_agent.original",
103 "source.ip",
104 "source.as.number",
105 "source.as.organization.name",
106 "aws.cloudtrail.user_identity.arn",
107 "aws.cloudtrail.user_identity.type",
108 "aws.cloudtrail.user_identity.access_key_id",
109 "aws.cloudtrail.resources.arn",
110 "aws.cloudtrail.resources.type",
111 "event.action",
112 "event.outcome",
113 "cloud.account.id",
114 "cloud.region",
115 "aws.cloudtrail.request_parameters",
116 "aws.cloudtrail.response_elements",
117]
Triage and analysis
Investigating AWS ECR Repository or Registry Policy Granted Public Access
This rule detects "SetRepositoryPolicy" or "PutRegistryPolicy" calls where the policy document grants an Allow effect to a wildcard ("*") principal, granting access to all identities. A public ECR repository allows anyone to pull its images, exposing proprietary code and any secrets embedded in image layers; if push actions are granted, an adversary can implant a malicious image that downstream ECS, EKS, or Lambda workloads then run.
Possible investigation steps
- Identify the actor in "aws.cloudtrail.user_identity.arn" and "aws.cloudtrail.user_identity.type", and review "source.ip" and "user_agent.original" for an unexpected origin or tool.
- Extract the policy from "aws.cloudtrail.request_parameters" and identify the granted actions; pull actions (BatchGetImage, GetDownloadUrlForLayer) expose images, while push actions (PutImage, UploadLayerPart) enable implantation.
- Confirm whether a Deny statement restricts the same access, in which case the alert may be a false positive.
- Determine which repository is affected and whether it contains sensitive images, and correlate with subsequent pull or push activity from external principals.
False positive analysis
- Public image distribution legitimately uses Principal:"*". Confirm the exposure is intended, the actions are pull-only, and the granting principal is approved.
Response and remediation
- If the exposure is unauthorized, restore a known-good policy or remove the public statement, and review for any external pulls or pushes since the change.
- Rotate or restrict credentials for the principal if compromise is suspected, and restrict "ecr:SetRepositoryPolicy" and "ecr:PutRegistryPolicy" to trusted administrators.
References
Related rules
- AWS Bedrock High-Frequency Single-Model Inference API Probing
- AWS API Activity from Uncommon S3 Client by Rare User
- AWS DynamoDB Scan by Unusual User
- AWS DynamoDB Table Exported to S3
- AWS EC2 AMI Shared with Another Account