Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
What do you want us to build?
The `--registry-id` flag in the describe-image-scan-findings command specifies the AWS account ID for the target registry. However, when trying to describe the scan findings for cross-account ECR repository images, the command fails with "ScanNotFoundException" due to limitations in Amazon Inspector's integration with ECR enhanced scanning.
It would be good to support the `--registry-id` flag to allow the retrieval of image scan findings for cross-account ECR repository images directly.
Which service(s) is this request for?
ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.
Access image scan findings for images in a cross-account ECR repository directly, which is not possible due to a limitation on the Amazon Inspector end.
Are you currently working around this issue?
How are you currently solving this problem?
The current workaround is to make the Source Account the Delegated administrator for the Inspector Service, or to assume an IAM Role/User in the Target Account, to be able to describe the image scan findings.
Additional context
Anything else we should know?
Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)
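
The assume-role workaround mentioned under "Are you currently working around this issue?", sketched as an added example (not part of the original issue or any AWS project code). The role ARN, repository name and tag are supplied by the caller, and the role is assumed to already trust the source account and allow describing scan findings in the target account.

```shell
#!/bin/sh
# Added example: read ECR scan findings in another account by assuming a role
# there, instead of passing --registry-id from the source account.
# Assumption: the caller passes a role ARN in the target account that the
# current identity is permitted to assume.

# Print short-lived credentials for role $1 as one tab-separated line:
# AccessKeyId, SecretAccessKey, SessionToken.
assume_role_creds() {
  aws sts assume-role \
    --role-arn "$1" \
    --role-session-name ecr-scan-findings \
    --duration-seconds 900 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text
}

# Usage: cross_account_scan_findings ROLE_ARN REPOSITORY TAG
# The body runs in a subshell, so the temporary credentials never reach
# the caller's environment and disappear when the function returns.
cross_account_scan_findings() (
  role_arn="$1"; repo="$2"; tag="$3"

  creds=$(assume_role_creds "$role_arn") || {
    echo "assume-role failed for $role_arn" >&2
    exit 1
  }

  # Split the single tab-separated line into its three fields.
  read -r key secret token <<EOF
$creds
EOF
  if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
    echo "incomplete credentials returned for $role_arn" >&2
    exit 1
  fi

  export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"

  # Called as the target account, so the default registry is already the
  # right one and --registry-id is not needed.
  aws ecr describe-image-scan-findings \
    --repository-name "$repo" \
    --image-id "imageTag=$tag" \
    --output json
)
```
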