Skip to content

Commit

Permalink
fix(bootstrap): remove image scanning configuration
Browse files Browse the repository at this point in the history
Remove image scanning configuration for the staging ECR repository.

- Image Scanning Configuration in the bootstrap template causes problems
  in regions where image scanning is not available.
- Scanning configuration at the repository level has been deprecated in
  favor of configuration at the registry level, which also allows more
  configuration (basic vs. enhanced scanning).

Because of a bug in the ECR CloudFormation resource, removing the
configuration value does not actually turn it off. Therefore, for
people who have successfully bootstrapped in the past, the scanning
feature will be left as-is.
  • Loading branch information
rix0rrr committed Jul 27, 2022
1 parent f98edfe commit d2e5431
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -203,8 +203,6 @@ Resources:
Type: AWS::ECR::Repository
Properties:
ImageTagMutability: IMMUTABLE
ImageScanningConfiguration:
ScanOnPush: true
RepositoryName:
Fn::If:
- HasCustomContainerAssetsRepositoryName
Expand Down Expand Up @@ -510,7 +508,7 @@ Resources:
Type: String
Name:
Fn::Sub: '/cdk-bootstrap/${Qualifier}/version'
Value: '13'
Value: '14'
Outputs:
BucketName:
Description: The name of the S3 bucket owned by the CDK toolkit stack
Expand Down

0 comments on commit d2e5431

Please sign in to comment.