diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 04a14a91639..131dcb4d34d 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1826,6 +1826,7 @@
     k8s.gcr.io/ip-masq-agent-amd64,
     k8s.gcr.io/kube-proxy,
     k8s.gcr.io/prometheus-to-sd,
+    public.ecr.aws/falcosecurity/falco,
     quay.io/calico/node,
     sysdig/sysdig,
     sematext_images
@@ -1854,7 +1855,7 @@
 
 - list: falco_sensitive_mount_images
   items: [
     docker.io/sysdig/sysdig, sysdig/sysdig,
-    docker.io/falcosecurity/falco, falcosecurity/falco,
+    docker.io/falcosecurity/falco, falcosecurity/falco, public.ecr.aws/falcosecurity/falco,
     gcr.io/google_containers/hyperkube, gcr.io/google_containers/kube-proxy,
     docker.io/calico/node, docker.io/rook/toolbox, docker.io/cloudnativelabs/kube-router, docker.io/consul,
@@ -2363,7 +2364,8 @@
     docker.io/sysdig/sysdig, docker.io/falcosecurity/falco,
     sysdig/sysdig, falcosecurity/falco,
     fluent/fluentd-kubernetes-daemonset, prom/prometheus,
-    ibm_cloud_containers)
+    ibm_cloud_containers,
+    public.ecr.aws/falcosecurity/falco)
     or (k8s.ns.name = "kube-system"))
 
 - macro: k8s_api_server
@@ -2802,7 +2804,7 @@
   condition: (evt.type in (sendto, sendmsg) and evt.dir=< and (fd.net != "127.0.0.0/8" and not fd.snet in (rfc_1918_addresses)) and ((minerpool_http) or (minerpool_https) or (minerpool_other)))
 
 - macro: trusted_images_query_miner_domain_dns
-  condition: (container.image.repository in (docker.io/falcosecurity/falco, falcosecurity/falco))
+  condition: (container.image.repository in (docker.io/falcosecurity/falco, falcosecurity/falco, public.ecr.aws/falcosecurity/falco))
   append: false
 
 # The rule is disabled by default.
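Review bot: The set of Falco image names is maintained by hand in four separate places — the privileged-images list in this hunk, falco_sensitive_mount_images, the k8s_containers macro and trusted_images_query_miner_domain_dns in the following hunks — and this commit had to edit every one of them to add a single mirror, so the next registry is likely to land in some but not all of them, leaving the exemptions out of step with each other. A single list such as `- list: falco_images` with `items: [docker.io/falcosecurity/falco, falcosecurity/falco, public.ecr.aws/falcosecurity/falco]`, referenced by name from each of the four spots, would keep them in sync; as far as I can tell Falco lists may be referenced from other lists and from conditions, so this should be a drop-in change. The enclosing list definition starts before this hunk, so its name is inferred from the surrounding entries rather than visible here.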
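Review bot: The new mirror is appended to the existing `docker.io/falcosecurity/falco, falcosecurity/falco,` line in falco_sensitive_mount_images, which makes that line noticeably longer than its neighbours and means any future change to either entry shows up as a rewrite of the whole line, whereas the first and third hunks of this commit give the new entry its own line. For consistency with those hunks keep the original line unchanged and add `    public.ecr.aws/falcosecurity/falco,` directly after it; behaviour is identical either way since the items are one flat list. The list's closing bracket is outside this hunk.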
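Review bot: The widened condition in trusted_images_query_miner_domain_dns is keyed on `container.image.repository` alone; nothing in it pins a tag, a digest or the registry the image was actually pulled from, so the exemption now applies to any container whose image name resolves to one of the three repositories, not specifically to the image published at public.ecr.aws. That is an inherent property of these name-based allowlists rather than something this commit introduces, but since the same mirror is being added to the privileged-image and sensitive-mount lists in the earlier hunks it is worth recording next to the macro, e.g. `# Exemption matches on image repository name only (no tag or digest); keep in sync with falco_privileged_images and falco_sensitive_mount_images`. Anyone tuning this macro should know the trust boundary is the name, not the artifact.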