Posted On: Mar 14, 2024
Starting today, AWS Signer container image signing and verification is available in the AWS GovCloud (US) Regions. You can now use AWS Signer, a managed signing service, to sign images in registries, such as Amazon Elastic Container Registry (ECR). You can validate that only approved images are deployed to Amazon Elastic Kubernetes Service (EKS) clusters or are in use in Amazon Elastic Container Service (ECS) clusters.
You can use container image signing to help ensure the use of approved images inside your organization, which can help you meet your security and compliance requirements. You can sign and verify container images at any time during the development or deployment phases. You can create unique signing identities in AWS Signer to cryptographically sign images in your repository with client-side tools. AWS Signer manages the signing keys, rotates code signing certificates, provides audit logs, and stores the signatures alongside your images. Amazon EKS and Kubernetes customers can use popular policy solutions like Gatekeeper or Kyverno or develop their own tooling to verify images.
For more information about the AWS Regions where AWS Signer is available, see the AWS Region table.