Class CfnRepositoryCreationTemplate.EncryptionConfigurationProperty

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

Inheritance
System.Object
CfnRepositoryCreationTemplate.EncryptionConfigurationProperty
Namespace: Amazon.CDK.AWS.ECR
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class EncryptionConfigurationProperty : Object, CfnRepositoryCreationTemplate.IEncryptionConfigurationProperty
Syntax (vb)
Public Class EncryptionConfigurationProperty
    Inherits Object
    Implements CfnRepositoryCreationTemplate.IEncryptionConfigurationProperty
Remarks

By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html

ExampleMetadata: fixture=_generated

Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.ECR;

var encryptionConfigurationProperty = new EncryptionConfigurationProperty {
    EncryptionType = "encryptionType",

    // the properties below are optional
    KmsKey = "kmsKey"
};

Synopsis

Constructors

EncryptionConfigurationProperty()

Properties

EncryptionType

The encryption type to use.
KmsKey

If you use the KMS encryption type, specify the AWS KMS key to use for encryption.

Constructors

EncryptionConfigurationProperty()

public EncryptionConfigurationProperty()

Properties

EncryptionType

The encryption type to use.

public string EncryptionType { get; set; }
Property Value

System.String

Remarks

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html#cfn-ecr-repositorycreationtemplate-encryptionconfiguration-encryptiontype

KmsKey

If you use the KMS encryption type, specify the AWS KMS key to use for encryption.

public string KmsKey { get; set; }
Property Value

System.String

Remarks

The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html#cfn-ecr-repositorycreationtemplate-encryptionconfiguration-kmskey

Implements