Hello Michael Oliveira,
Good day! Thank you for posting here.
I understand the confusion. However, the correct answer specifically mentions using “repository policies and identity-based policies” to govern access to the container images in Amazon ECR. It does not mention ABAC at all.
The recommended approach, as outlined in the correct answer, is to “implement repository policies and identity-based policies to govern access, restricting access to specific IAM principals and AWS accounts authorized to use the images.” This method relies on Amazon ECR’s built-in access control mechanisms, such as repository policies and IAM identity-based policies.
As for the option mentioning ABAC, it is incorrect in this context because one way to implement ABAC in AWS is by using IAM Identity Center (formerly AWS Single Sign-On), which supports ABAC policies to manage access based on attributes such as department, role, or team. Additionally, while ABAC can be a powerful access control mechanism, it introduces additional complexity and operational overhead compared to using identity-based policies. Lastly, ABAC requires defining and managing custom attributes and policies, which can be more challenging to implement and maintain.
I hope this clears things up!
Best regards,
Neil @ Tutorials Dojo
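The policy pair described in the reply above, as an added example that is not part of the original post or Tutorials Dojo material: an ECR repository policy naming the principals allowed to pull, the matching identity-based policy, and a small check that a repository policy grants access only to authorized accounts. The account IDs, role name, repository name, region, and the helper `unauthorized_principals` are all constructed for illustration.

```python
# Constructed sample values: account IDs, role, repository and region are placeholders.
ALLOWED_ACCOUNTS = {"111122223333", "444455556666"}
PULL_ACTIONS = [
    "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
]

# Repository policy (resource-based, attached to the ECR repository): who may pull.
REPOSITORY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPullFromAuthorizedPrincipals",
        "Effect": "Allow",
        "Principal": {"AWS": [
            "arn:aws:iam::111122223333:role/ci-image-puller",
            "arn:aws:iam::444455556666:root",
        ]},
        "Action": PULL_ACTIONS,
    }],
}

# Identity-based policy (attached to the IAM role): what that principal may do.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow", "Action": PULL_ACTIONS,
         "Resource": "arn:aws:ecr:us-east-1:111122223333:repository/app-images"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unauthorized_principals(policy, allowed_accounts):
    """Return AWS principals in Allow statements that are wildcards or outside allowed accounts."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*" grants access to anyone
            principal = {"AWS": principal}
        for arn in _as_list(principal.get("AWS", [])):
            # A principal is either a full ARN or a bare 12-digit account ID.
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account not in allowed_accounts:
                findings.append(arn)
    return findings
```
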