fix: swap UV base images to public.ecr.aws Python + uv binary copy (#1461)

Replaces `ghcr.io/astral-sh/uv:python<ver>-bookworm-slim` with
`public.ecr.aws/docker/library/python:<ver>-slim-trixie` and copies
the `uv`/`uvx` binaries from `ghcr.io/astral-sh/uv:latest`.

The bookworm base ships an OpenSSL build affected by a CVE; trixie
ships the patched version (OpenSSL 3.5.5). Python minor versions are
preserved per Dockerfile (3.11/3.12/3.13/3.14) so dependency
resolution is unchanged.

Verified end-to-end on the riskiest Dockerfile
(claude-agent/claude-sdk — apt nodejs via NodeSource, uv pip install,
Python 3.11): image builds, container starts, /ping returns healthy.

01-tutorials/01-AgentCore-runtime/10-managed-session-storage/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.14-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.14-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 WORKDIR /app
 

01-tutorials/06-AgentCore-observability/03-advanced-concepts/03-agentops/02-langfuse/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.12-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-multi-agent-incident-response/host_adk_agent/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-multi-agent-incident-response/monitoring_strands_agent/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-multi-agent-incident-response/web_search_openai_agents/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-realestate-agentcore-multiagents/propertybookingagent_strands/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-realestate-agentcore-multiagents/propertysearchagent_strands/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/A2A-realestate-agentcore-multiagents/realestate_coordinator/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

02-use-cases/SRE-agent/Dockerfile

@@ -1,5 +1,5 @@
-# Use uv's ARM64 Python base image
-FROM --platform=linux/arm64 ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+FROM --platform=linux/arm64 public.ecr.aws/docker/library/python:3.12-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 WORKDIR /app
 

02-use-cases/SRE-agent/Dockerfile.x86_64

@@ -1,5 +1,5 @@
-# Use uv's x86_64 Python base image
-FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.12-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 WORKDIR /app
 

02-use-cases/customer-support-assistant-vpc/agent/Dockerfile

@@ -1,5 +1,5 @@
-# Base image
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 # Environment variables
 ENV UV_SYSTEM_PYTHON=1 \

02-use-cases/customer-support-assistant-vpc/mcp_dynamodb/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # Configure UV for container environment

02-use-cases/video-games-sales-assistant/cdk-data-analyst-assistant-agentcore-strands/data-analyst-assistant-agentcore-strands/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

03-integrations/AgentOps-Langfuse/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.12-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

03-integrations/agentic-frameworks/claude-agent/claude-hooks/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.11-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

03-integrations/agentic-frameworks/claude-agent/claude-sdk/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.11-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

03-integrations/agentic-frameworks/claude-agent/claude-sub-agents/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.11-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

03-integrations/agentic-frameworks/claude-agent/claude-with-code-interpreter/Dockerfile

@@ -1,5 +1,5 @@
-# Use uv's ARM64 Python base image
-FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.11-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 ENV UV_SYSTEM_PYTHON=1 \
     UV_PROJECT_ENVIRONMENT="/usr/local/" \

05-blueprints/customer-support-agent-with-agentcore/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # All environment variables in one layer

05-blueprints/end-to-end-customer-service-agent/cx-agent-backend/Dockerfile

@@ -1,5 +1,5 @@
-# Use ARM64 Python 3.11 base image with uv pre-installed
-FROM --platform=linux/arm64 ghcr.io/astral-sh/uv:python3.11-bookworm-slim
+FROM --platform=linux/arm64 public.ecr.aws/docker/library/python:3.11-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 # Set working directory
 WORKDIR /app

05-blueprints/shopping-concierge-agent/concierge_agent/supervisor_agent/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # Configure UV for container environment

05-blueprints/travel-concierge-agent/concierge_agent/supervisor_agent/Dockerfile

@@ -1,4 +1,5 @@
-FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+FROM public.ecr.aws/docker/library/python:3.13-slim-trixie
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 WORKDIR /app
 
 # Configure UV for container environment