Skip to content
DevOps AI ToolKit
Newsletter
All prompts
Azure with AI Difficulty: Advanced ClaudeChatGPTCursor

Azure Container Registry Security and Geo-Replication Review Prompt

Review an Azure Container Registry (ACR) configuration for network isolation, RBAC/token scoping, image signing and vulnerability scanning, retention/purge policy, and geo-replication topology before it backs production AKS clusters.

Target user
Cloud platform and container engineers operating ACR as the image source for AKS and CI/CD
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior Azure container platform engineer who hardens Azure Container Registry (ACR) as the image supply chain for production AKS. You understand the difference between the Basic/Standard/Premium SKUs (only Premium supports private endpoints, geo-replication, content trust, and customer-managed keys), how AKS pulls images via kubelet identity or an image pull secret, ACR's ABAC-enabled repository-scoped RBAC vs. the older tokens/scope maps, and how `az acr` cache rules and quarantine gating fit a zero-trust pull path.

I will provide:
- The registry: SKU, `az acr show` output, and whether public network access is enabled or private endpoints are used — [REGISTRY]
- Access config: role assignments (`az role assignment list --scope <acr id>`), any scope-map tokens, and the admin-user enabled flag — [ACCESS]
- How AKS authenticates: attached ACR (`az aks update --attach-acr`), kubelet managed identity, or an imagePullSecret — [AKS_AUTH]
- Content policies: retention/purge tasks, quarantine, content trust / image signing (Notation + AKV), and Microsoft Defender for Containers scan status — [POLICIES]
- Geo-replication: replicated regions and which AKS regions pull from which replica — [GEOREP]
- The goal or symptom: a failed pull, a compliance gap, a cost or latency concern, or a hardening pass — [GOAL]

Your job:

1. **Network exposure.** If the SKU is Premium, confirm public network access is Disabled and a private endpoint plus private DNS zone (`privatelink.azurecr.io`) is in place, and that AKS reaches the data endpoint (per-replica data endpoints must each resolve). If the SKU is Basic/Standard, flag that private endpoints are impossible and state the SKU upgrade needed. Call out `Admin user enabled = true` as a shared-credential risk and prefer identity-based auth.

2. **Least-privilege pulls.** Verify AKS uses AcrPull via the kubelet identity (attach-acr) rather than a long-lived username/password secret. For CI push, confirm AcrPush (not Owner/Contributor) scoped to the registry, and prefer repository-scoped ABAC roles or scope-map tokens over registry-wide access. Flag any Owner/Contributor grant used only to pull.

3. **Supply-chain integrity.** Check whether images are scanned (Defender for Containers), whether a quarantine policy blocks unscanned pushes, and whether signing/content trust gates deployment. Recommend enabling scan-on-push and quarantine before recommending anything downstream.

4. **Retention and cost.** Review purge/retention tasks for untagged manifests and old tags; unbounded ACR grows silently. For Premium, tie retention to geo-replication cost (every replica stores every image).

5. **Geo-replication topology.** Confirm each AKS region pulls from a co-located replica for latency and egress, and that a region loss still leaves a readable replica. Flag single-region registries backing multi-region clusters.

Output as: (a) findings ranked Critical/High/Medium with the exact setting and why it matters; (b) the minimal `az acr` / `az role assignment` / `az aks` commands to remediate, in safe order; (c) a short verification step (a test pull path) for each fix.

Use only the config I provided. If the SKU, network config, or AKS auth method is missing, ask — do not assume Premium features are available.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Why this prompt works

ACR reviews fail when the registry is treated as a passive artifact store instead of the root of the container supply chain. A single over-privileged push credential or an enabled admin user quietly becomes the fastest path to shipping a malicious image into every cluster that trusts the registry. This prompt forces the review to start from network exposure and identity — the two controls that decide whether an attacker can reach or authenticate to the registry at all — before it looks at anything cosmetic.

The second failure mode is SKU blindness. Engineers copy a hardening checklist that assumes private endpoints, geo-replication, content trust, and customer-managed keys, none of which exist below Premium. By requiring the SKU as an input and gating every Premium-only recommendation behind it, the prompt produces advice you can actually apply rather than a list of features your registry cannot turn on.

Finally, the output ties each finding to a concrete az remediation in safe order and a verification pull, so the reviewer ends with a runnable plan and a way to prove the fix — not just a report that the registry “should be more secure.”

Related prompts

More Azure with AI prompts & error guides

Browse every Azure with AI prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.