Package software.amazon.awscdk.services.ecr

Interface CfnRepository.EncryptionConfigurationProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnRepository.EncryptionConfigurationProperty.Jsii$Proxy

Enclosing class:

CfnRepository

@Stability(Stable)
public static interface CfnRepository.EncryptionConfigurationProperty
extends software.amazon.jsii.JsiiSerializable

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ecr.*;
 EncryptionConfigurationProperty encryptionConfigurationProperty = EncryptionConfigurationProperty.builder()
         .encryptionType("encryptionType")
         // the properties below are optional
         .kmsKey("kmsKey")
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnRepository.EncryptionConfigurationProperty.Builder	A builder for CfnRepository.EncryptionConfigurationProperty
static final class	CfnRepository.EncryptionConfigurationProperty.Jsii$Proxy	An implementation for CfnRepository.EncryptionConfigurationProperty

Method Summary

Modifier and Type	Method	Description
static CfnRepository.EncryptionConfigurationProperty.Builder	builder()
String	getEncryptionType()	The encryption type to use.
default String	getKmsKey()	If you use the KMS encryption type, specify the AWS KMS key to use for encryption.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getEncryptionType

@Stability(Stable)
@NotNull
String getEncryptionType()

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html#cfn-ecr-repository-encryptionconfiguration-encryptiontype

getKmsKey

@Stability(Stable)
@Nullable
default String getKmsKey()

If you use the KMS encryption type, specify the AWS KMS key to use for encryption.

The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html#cfn-ecr-repository-encryptionconfiguration-kmskey

builder

@Stability(Stable)
static CfnRepository.EncryptionConfigurationProperty.Builder builder()

Returns:

a CfnRepository.EncryptionConfigurationProperty.Builder of CfnRepository.EncryptionConfigurationProperty