diff --git a/copy_images.tf b/copy_images.tf
index ed05587..2003852 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -1,14 +1,15 @@
 locals {
- pilot_key = format("%v#%v", "istio/pilot", var.istio_version)
- proxy_key = format("%v#%v", "istio/proxyv2", var.istio_version)
+ pilot_key = format("%v#%v", "istio/pilot", var.istio_version)
+ proxy_key = format("%v#%v", "istio/proxyv2", var.istio_version)
+ ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
 image_config = [
 {
 enabled = true
 dest_path = null
 name = "istio/pilot"
- source_image = "istio/pilot"
- source_registry = "docker.io"
+ source_image = "opensource/istio/pilot"
+ source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
 source_tag = var.istio_version
 tag = var.istio_version
 },
@@ -16,8 +17,8 @@ locals {
 enabled = true
 dest_path = null
 name = "istio/proxyv2"
- source_image = "istio/proxyv2"
- source_registry = "docker.io"
+ source_image = "opensource/istio/proxyv2"
+ source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
 source_tag = var.istio_version
 tag = var.istio_version
 },
@@ -32,7 +33,22 @@ module "images" {
 image_config = local.image_config
 tags = {}
- enable_lifecycle_policy = true
- lifecycle_policy_all = true
- force_delete = true
+ enable_lifecycle_policy = true
+ lifecycle_policy_all = true
+ force_delete = true
+ lifecycle_policy_keep_count = 5
+
+ source_username = data.aws_ecr_authorization_token.ecr_token.user_name
+ source_password = data.aws_ecr_authorization_token.ecr_token.password
+
+ destination_username = data.aws_ecr_authorization_token.token.user_name
+ destination_password = data.aws_ecr_authorization_token.token.password
+}
+
+data "aws_ecr_authorization_token" "ecr_token" {
+ registry_id = var.account_id
+}
+
+data "aws_ecr_authorization_token" "token" {
+ registry_id = var.account_id
 }
diff --git a/variables.tf b/variables.tf
index bd11eb6..d174d3d 100644
--- a/variables.tf
+++ b/variables.tf
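Review bot: In copy_images.tf both `image_config` entries (the `istio/pilot` one in the first hunk and the `istio/proxyv2` one in the second) still select the image only by `source_tag = var.istio_version`, so what gets copied is whatever the `ent-images/ironbank` mirror currently serves under that tag. Nothing visible here pins the image content; if the images module accepts a digest, pinning to it would make the copy reproducible, and otherwise tag immutability on the mirror repositories is the control to confirm. A comment above `ent_ecr_source` would record the provenance change, e.g. `# Images come from the ent-images/ironbank ECR mirror instead of docker.io`. As a style point, `ent_ecr_source = "${var.account_id}.dkr.ecr.${var.region}.amazonaws.com/ent-images"` reads more easily than the four-argument `format` call with literal segments.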
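Review bot: In the `module "images"` hunk of copy_images.tf, the data sources `ecr_token` and `token` are declared identically (`registry_id = var.account_id` in both), so the source and destination credentials are the same token requested twice under names that do not say which side they serve. If the `ent-images` mirror lives in the same account as the destination, one data source can feed all four arguments, e.g. `destination_password = data.aws_ecr_authorization_token.ecr_token.password`; if it is meant to be a different account, the source lookup needs that account's id rather than `var.account_id`. The token password is read at plan time and data source results are written to Terraform state, so although ECR tokens are short-lived, the state backend should be encrypted and access-restricted. A one-line comment on the data block stating that assumption would help the next reader. The module block starts above the hunk, so its other arguments are not visible here.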
@@ -1,3 +1,9 @@
+variable "account_id" {
+ description = "aws account number"
+ type = string
+ default = ""
+}
+
 variable "profile" {
 description = "AWS_PROFILE to use to apply the terraform script."
 type = string
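Review bot: In variables.tf the new `account_id` variable ships with `default = ""`, yet copy_images.tf uses it to build the source registry host and as `registry_id` for both ECR token lookups. With the variable unset the host would render as `.dkr.ecr.<region>.amazonaws.com/ent-images` and the error would presumably surface only when the image copy runs. Dropping the `default = ""` line makes Terraform require a value up front. The description could also say what the value is used for, e.g. `description = "12-digit AWS account ID that owns the ECR registries images are copied from and to"`.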