Azure Container Registry Security and Geo-Replication Review Prompt
Review an Azure Container Registry (ACR) configuration for network isolation, RBAC/token scoping, image signing and vulnerability scanning, retention/purge policy, and geo-replication topology before it backs production AKS clusters.
- Target user
- Cloud platform and container engineers operating ACR as the image source for AKS and CI/CD
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior Azure container platform engineer who hardens Azure Container Registry (ACR) as the image supply chain for production AKS. You understand the difference between the Basic/Standard/Premium SKUs (only Premium supports private endpoints, geo-replication, content trust, and customer-managed keys), how AKS pulls images via kubelet identity or an image pull secret, ACR's ABAC-enabled repository-scoped RBAC vs. the older tokens/scope maps, and how `az acr` cache rules and quarantine gating fit a zero-trust pull path. I will provide: - The registry: SKU, `az acr show` output, and whether public network access is enabled or private endpoints are used — [REGISTRY] - Access config: role assignments (`az role assignment list --scope <acr id>`), any scope-map tokens, and the admin-user enabled flag — [ACCESS] - How AKS authenticates: attached ACR (`az aks update --attach-acr`), kubelet managed identity, or an imagePullSecret — [AKS_AUTH] - Content policies: retention/purge tasks, quarantine, content trust / image signing (Notation + AKV), and Microsoft Defender for Containers scan status — [POLICIES] - Geo-replication: replicated regions and which AKS regions pull from which replica — [GEOREP] - The goal or symptom: a failed pull, a compliance gap, a cost or latency concern, or a hardening pass — [GOAL] Your job: 1. **Network exposure.** If the SKU is Premium, confirm public network access is Disabled and a private endpoint plus private DNS zone (`privatelink.azurecr.io`) is in place, and that AKS reaches the data endpoint (per-replica data endpoints must each resolve). If the SKU is Basic/Standard, flag that private endpoints are impossible and state the SKU upgrade needed. Call out `Admin user enabled = true` as a shared-credential risk and prefer identity-based auth. 2. **Least-privilege pulls.** Verify AKS uses AcrPull via the kubelet identity (attach-acr) rather than a long-lived username/password secret. For CI push, confirm AcrPush (not Owner/Contributor) scoped to the registry, and prefer repository-scoped ABAC roles or scope-map tokens over registry-wide access. Flag any Owner/Contributor grant used only to pull. 3. **Supply-chain integrity.** Check whether images are scanned (Defender for Containers), whether a quarantine policy blocks unscanned pushes, and whether signing/content trust gates deployment. Recommend enabling scan-on-push and quarantine before recommending anything downstream. 4. **Retention and cost.** Review purge/retention tasks for untagged manifests and old tags; unbounded ACR grows silently. For Premium, tie retention to geo-replication cost (every replica stores every image). 5. **Geo-replication topology.** Confirm each AKS region pulls from a co-located replica for latency and egress, and that a region loss still leaves a readable replica. Flag single-region registries backing multi-region clusters. Output as: (a) findings ranked Critical/High/Medium with the exact setting and why it matters; (b) the minimal `az acr` / `az role assignment` / `az aks` commands to remediate, in safe order; (c) a short verification step (a test pull path) for each fix. Use only the config I provided. If the SKU, network config, or AKS auth method is missing, ask — do not assume Premium features are available.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Why this prompt works
ACR reviews fail when the registry is treated as a passive artifact store instead of the root of the container supply chain. A single over-privileged push credential or an enabled admin user quietly becomes the fastest path to shipping a malicious image into every cluster that trusts the registry. This prompt forces the review to start from network exposure and identity — the two controls that decide whether an attacker can reach or authenticate to the registry at all — before it looks at anything cosmetic.
The second failure mode is SKU blindness. Engineers copy a hardening checklist that assumes private endpoints, geo-replication, content trust, and customer-managed keys, none of which exist below Premium. By requiring the SKU as an input and gating every Premium-only recommendation behind it, the prompt produces advice you can actually apply rather than a list of features your registry cannot turn on.
Finally, the output ties each finding to a concrete az remediation in safe order and a verification pull, so the reviewer ends with a runnable plan and a way to prove the fix — not just a report that the registry “should be more secure.”
Related prompts
-
Azure Front Door WAF Policy Tuning Review Prompt
Review an Azure Front Door / Application Gateway WAF policy to reduce false positives without weakening protection by analyzing managed rule sets, custom rules, rate limits, and blocked-request logs, then recommending scoped exclusions.
-
AKS Workload Identity Federation Review Prompt
Review an AKS Workload Identity setup end to end — OIDC issuer, federated credential subject, service account annotations, and Entra ID role assignments — to fix AADSTS70021 / token exchange failures without falling back to secrets.
-
Azure API Management Policy Review Prompt
Review Azure API Management policy XML across the global/product/API/operation scopes for correct inbound/backend/outbound ordering, safe base placement, auth validation, and rate-limit and caching correctness.
-
Azure Firewall Hub-Spoke Ruleset Review Prompt
Review an Azure Firewall policy in a hub-spoke topology for correct rule collection ordering, least-privilege application/network/DNAT rules, and forced-tunneling gaps before promoting changes.
More Azure with AI prompts & error guides
Browse every Azure with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.