Description
Is your feature request related to a problem? Please describe.
Yes. The Cloud Asset Inventory integration currently does not include Amazon ECR (Elastic Container Registry) Images as a supported asset type. This creates a critical blind spot for containerized workloads. In FedRAMP environments, we rely on continuous monitoring to maintain visibility over all assets, including container images. Without ECR image data, it's difficult to track image lifecycles, detect outdated or unauthorized images, and correlate ECR assets with other cloud resources during security investigations or compliance reviews.
Describe the solution you'd like
Add support for ECR Image assets (AWS::ECR::Image) in the Cloud Asset Inventory integration. The integration should collect and normalize key metadata fields such as:
- ecr.repository.name
- ecr.image.tag
- ecr.image.digest
- ecr.image.pushed_at
These should be mapped to ECS fields and ingested as part of the asset inventory, enabling container image visibility within dashboards, detections, and investigations. This would bring container assets into the same monitoring framework we use for EC2, S3, and other AWS resources.
Describe alternatives you've considered
Additional context
Adding ECR Image support would close a visibility gap that directly affects FedRAMP continuous monitoring requirements. Container images represent critical infrastructure components, and treating them as first-class assets would align Elastic with modern container security practices. This feature would allow teams to continuously track container image states, detect anomalies, and meet compliance obligations in regulated environments.
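A sketch of the normalization requested above, added here as an example and not taken from the issue or from the integration's code. It assumes input shaped like the `imageDetails` list of the ECR DescribeImages API; the sample records, the one-document-per-digest choice, and the 90-day staleness threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the "imageDetails" list returned by the
# ECR DescribeImages API (boto3 returns imagePushedAt as a datetime).
SAMPLE_IMAGE_DETAILS = [
    {"registryId": "111122223333", "repositoryName": "payments/api",
     "imageDigest": "sha256:" + "a" * 64, "imageTags": ["latest", "1.4.2"],
     "imagePushedAt": datetime(2025, 1, 10, 8, 30, tzinfo=timezone.utc)},
    # Untagged image: DescribeImages omits imageTags entirely.
    {"registryId": "111122223333", "repositoryName": "payments/api",
     "imageDigest": "sha256:" + "b" * 64,
     "imagePushedAt": datetime(2024, 3, 2, 12, 0, tzinfo=timezone.utc)},
]


def normalize_image(detail):
    """Map one imageDetails entry to the four fields proposed in the issue.

    Assumption: one asset document per digest, with tags as a sorted list,
    so untagged images still appear in the inventory.
    """
    pushed = detail["imagePushedAt"]
    if pushed.tzinfo is None:  # treat naive timestamps as UTC
        pushed = pushed.replace(tzinfo=timezone.utc)
    return {
        "ecr.repository.name": detail["repositoryName"],
        "ecr.image.tag": sorted(detail.get("imageTags") or []),
        "ecr.image.digest": detail["imageDigest"],
        "ecr.image.pushed_at": pushed.astimezone(timezone.utc).isoformat(),
    }


def stale_images(docs, now, max_age_days=90):
    """Return digests pushed more than max_age_days before `now`.

    The 90-day default is an illustrative threshold, not a FedRAMP value.
    """
    cutoff = now - timedelta(days=max_age_days)
    return [d["ecr.image.digest"] for d in docs
            if datetime.fromisoformat(d["ecr.image.pushed_at"]) < cutoff]


if __name__ == "__main__":
    docs = [normalize_image(d) for d in SAMPLE_IMAGE_DETAILS]
    for doc in docs:
        print(doc)
    print(stale_images(docs, datetime(2025, 2, 1, tzinfo=timezone.utc)))
```

Keying the asset on the digest rather than the tag keeps untagged images in the inventory and avoids losing history when a mutable tag such as `latest` is moved to a new image.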