AWS ECR (Elastic Container Registry)

Trivy uses the AWS SDK, so you don't need to install the AWS CLI. You can use the same environment variables as the AWS CLI.

AWS private registry permissions

You may need to grant permissions to allow Trivy to pull images from a private ECR registry.

How you do this depends on how you want to provide the AWS role to Trivy.

IAM Role Service account

Add the AWS role to Trivy's service account annotations:

trivy:

  serviceAccount:
    annotations: {}
      # eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME

Kube2iam or Kiam

Add the AWS role to the pod's annotations:

podAnnotations: {}
  ## kube2iam/kiam annotation
  # iam.amazonaws.com/role: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
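
The role referenced in these annotations needs a permissions policy, and for the service account method a trust policy as well. The sketch below is an added example, not part of the Trivy documentation: it builds a pull-only ECR policy scoped to named repositories and a trust policy that only one Kubernetes service account can use. The function names, account ID, region, OIDC provider ID, namespace and repository name are constructed placeholders, and the action list is the standard ECR pull set, assumed here to be sufficient for Trivy.

```python
import json

# Read-only ECR actions needed to pull an image (standard AWS IAM action names).
# Assumption: this pull set is enough for Trivy; the page does not list actions.
PULL_ACTIONS = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage",
]

def ecr_pull_policy(account_id, region, repositories):
    """Permissions policy: pull-only access to the named repositories."""
    repo_arns = [f"arn:aws:ecr:{region}:{account_id}:repository/{name}"
                 for name in repositories]
    return {
        "Version": "2012-10-17",
        "Statement": [
            # GetAuthorizationToken has no resource-level scoping; it needs "*".
            {"Sid": "EcrLogin", "Effect": "Allow",
             "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
            {"Sid": "EcrPull", "Effect": "Allow",
             "Action": PULL_ACTIONS, "Resource": repo_arns},
        ],
    }

def irsa_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Trust policy: only the named Kubernetes service account may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated":
                f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{oidc_provider}:sub":
                    f"system:serviceaccount:{namespace}:{service_account}",
                f"{oidc_provider}:aud": "sts.amazonaws.com",
            }},
        }],
    }

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the page.
    oidc = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLE0123456789"  # issuer URL without https://
    print(json.dumps(ecr_pull_policy("111122223333", "eu-west-1", ["app/api"]), indent=2))
    print(json.dumps(irsa_trust_policy("111122223333", oidc, "trivy", "trivy"), indent=2))
```

The permissions policy applies to the role whichever method supplies it; the trust policy shown is specific to the service account method, and pinning the `sub` claim keeps other service accounts in the cluster from assuming the role.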