Thanks for the feedback, @DrFaust92. We've started to discuss how we want this to work for our customers. It's a surprisingly complicated topic though, so we don't have a proposal to share yet. We're going to leave this open as a placeholder.
Any update on this?
Would be great to see it on AWS ECR. Also, I think until it is out we can run our own Notary server and then, after signing the Docker image via Notary, push it to ECR.
Any update or insight into the status of this for ECS? Image SHA tracking was announced for ECS https://aws.amazon.com/about-aws/whats-new/2019/10/amazon-ecs-now-supports-ecs-image-sha-tracking/ , however it's not clear if this fulfills the trusted content requirement.
Update: as part of a broader community 'Notary v2' initiative, ECR will participate and contribute with a view to apply that specification to our effort tracked by this issue. It's an open group with multiple cloud and on-premise vendors working together, with the kickoff meeting held on 12/12 here in Seattle.
@omieomye, thank you for providing an update and transparency into the current state of container signing within the broader community. Aside from listening to the kick-off meeting, how can users get involved in the discussion?
Call-in details for the OCI weekly meeting are available here: https://github.com/opencontainers/org. You can also join the relevant IRC and Slack channels, which are linked from the same GitHub page.
Am I correct in thinking that Notary cannot be used with ECR still?
Yup. https://awscloudcontainersconference.splashthat.com/ Everyone should attend this event.
Security Best Practices with Amazon ECR
Omar Paul, Sr Product Manager, ECR
We have questions for Omar!
Our progress on Notary is tracked by this issue, and we're actively participating towards a Notary v2 specification. On the summit presentation, I would love to get feedback on what the ECR community wants us to tackle. Tweet or DM @omieomye and we'll go from there.
Currently slated for 2021 with Notary v2 per Omar's presentation linked by @chrisdipesa above. Are there any other compensating controls one could perform to meet this need until 2021?
Hey @omieomye and @chrisdipesa
I'm curious to know if there are any slides or recording from the summit presentation. The links provided no longer work.
Seems this issue is missing any context on why v2, so adding in some links:
- high level blog post on v2 - https://www.docker.com/blog/community-collaboration-on-notary-v2/
- v2 requirements - https://github.com/notaryproject/requirements
- working group meeting notes - https://hackmd.io/_vrqBGAOSUC_VWvFzWruZw
+1
With the release of ECR Public, this seems more relevant and valuable than ever.