Ensure ECR repositories are encrypted

Error: Unencrypted ECR repositories

Bridgecrew Policy ID: BC_AWS_GENERAL_53
Checkov Check ID: CKV_AWS_136
Severity: LOW

Unencrypted ECR repositories

Description

Encrypting your ECR repositories helps protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your repositories. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.

Fix - Buildtime

Terraform

Resource: aws_ecr_repository
Argument: encryption_configuration.encryption_type

resource "aws_ecr_repository" "example" {
  ...
  name                 = "bar"
+ encryption_configuration {
+   encryption_type = "KMS"
+ }
}

CloudFormation

Resource: AWS::ECR::Repository
Argument: Properties.EncryptionConfiguration.EncryptionType

Resources:
  KMSEncryption:
    Type: AWS::ECR::Repository
    Properties: 
      ...
+     EncryptionConfiguration:
+       EncryptionType: "KMS"
        ...

Updated 11 months ago