diff --git a/aws-ecr-repo/main.tf b/aws-ecr-repo/main.tf
index 811b2d6b..9cfdc38b 100644
--- a/aws-ecr-repo/main.tf
+++ b/aws-ecr-repo/main.tf
@@ -22,6 +22,12 @@ resource "aws_ecr_repository" "repo" {
 name = var.name
 tags = var.tags
 force_delete = var.force_delete
+
+ image_tag_mutability = var.tag_mutability ? "MUTABLE" : "IMMUTABLE"
+
+ image_scanning_configuration {
+ scan_on_push = var.scan_on_push
+ }
 lifecycle {
 ignore_changes = [name]
 }
diff --git a/aws-ecr-repo/variables.tf b/aws-ecr-repo/variables.tf
index ea634c5a..d9da6432 100644
--- a/aws-ecr-repo/variables.tf
+++ b/aws-ecr-repo/variables.tf
@@ -54,3 +54,15 @@ variable "force_delete" {
 description = "Allows this ECR repo to be automated deleted with terraform destroy. False by default"
 default = false
 }
+
+variable "tag_mutability" {
+ type = bool
+ description = "Whether to allow tag mutability or not. When set to `true` tags can be overwritten (default). When set to `false` tags are immutable."
+ default = true
+}
+
+variable "scan_on_push" {
+ type = bool
+ description = "Whether to enable image scan on push, disabled by default."
+ default = false
+}
\ No newline at end of file
diff --git a/aws-ecr-repo/versions.tf b/aws-ecr-repo/versions.tf
index f18f910f..384f99d8 100644
--- a/aws-ecr-repo/versions.tf
+++ b/aws-ecr-repo/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.22.0"
+ version = ">= 5.14.0"
 }
 }
 required_version = ">= 1.0"
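Review bot: Both new settings on the `aws_ecr_repository` resource resolve, with the defaults declared in the variables.tf hunk, to the least restrictive posture: `image_tag_mutability = "MUTABLE"` and `scan_on_push = false`, so a caller who does not opt in gets overwritable tags and no vulnerability scanning of pushed images. Keeping those defaults is defensible as it appears to preserve the pre-patch provider behaviour, but the module should say so where the setting is applied, e.g. `# Defaults to MUTABLE / no scan-on-push to keep existing repos unchanged; set tag_mutability = false and scan_on_push = true for a hardened repo.` above the `image_tag_mutability` line. If the intent is instead a secure-by-default module, flip the two defaults in variables.tf and call it out in the changelog as a behaviour change for existing callers. The surrounding `resource` block starts before the hunk.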
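Review bot: The two new variable descriptions state the default but not its consequence, which is the one thing a caller deciding the value needs; `scan_on_push` in particular reads as a cosmetic toggle. Suggest `description = "Enable ECR image scanning on push so newly pushed images are checked for known vulnerabilities. Disabled by default to preserve existing behaviour; enabling is recommended."` and, for `tag_mutability`, add that setting it to `false` causes pushes that reuse an existing tag (e.g. a CI job re-pushing `latest`) to be rejected. The hunk also ends with `\ No newline at end of file`; please terminate variables.tf with a newline so the next addition does not produce a noisy diff.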