
How to enable KMS encryption for AWS ECR when using CloudFormation templates

Reading the AWS documentation regarding ECR CloudFormation template:

See here.

I've not been able to find how to specify the encryption at rest you want. I know by default it uses AES-256. But I want to be able to specify KMS. In simple terms my template looks like this:

Resources:
    logicalid:
        Type: 'AWS::ECR::Repository'
        Properties:
            RepositoryName : "repo-name"
            ImageScanningConfiguration:
                scanOnPush: "true"
            ImageTagMutability: "IMMUTABLE"
            EncryptionConfiguration:
                encryptionType: "KMS"

But EncryptionConfiguration is not a valid option. I assume there must be a way given that the SDKs allow you to specify it:

See here

Any help would be much appreciated. Thanks!

It is not supported yet. KMS encryption for ECR is rather new and CloudFormation does not have this option yet.

The only way would be to create your ECR repo using a custom resource in CloudFormation.

AWS CloudFormation now supports an option to specify KMS to have encryption at rest.
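
As an added example (not part of the original question or answers), this is what a template using the `EncryptionConfiguration` property of `AWS::ECR::Repository` with a customer managed key can look like. The logical IDs `RepoKey` and `Repo`, the key policy and the repository name are placeholders chosen for illustration.

```yaml
# Added example: logical IDs, repository name and key policy are placeholders.
AWSTemplateFormatVersion: '2010-09-09'
Description: ECR repository encrypted at rest with a customer managed KMS key

Resources:
  RepoKey:
    Type: 'AWS::KMS::Key'
    Properties:
      Description: Customer managed key for ECR image encryption
      EnableKeyRotation: true
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          # Lets IAM policies in this account control access to the key.
          - Sid: AllowAccountAdministration
            Effect: Allow
            Principal:
              AWS: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:root'
            Action: 'kms:*'
            Resource: '*'

  Repo:
    Type: 'AWS::ECR::Repository'
    Properties:
      RepositoryName: repo-name
      ImageTagMutability: IMMUTABLE
      ImageScanningConfiguration:
        ScanOnPush: true
      EncryptionConfiguration:
        # Valid values are AES256 (the default) and KMS.
        EncryptionType: KMS
        # Omit KmsKey to use the AWS managed key for ECR instead.
        KmsKey: !GetAtt RepoKey.Arn

Outputs:
  RepositoryUri:
    Value: !GetAtt Repo.RepositoryUri
```

The encryption configuration is fixed when the repository is created, so changing `EncryptionConfiguration` on an existing repository in a stack causes CloudFormation to replace the resource.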
