Ensure ECR repositories are encrypted

Error: Unencrypted ECR repositories

Bridgecrew Policy ID: BC_AWS_GENERAL_53
Checkov Check ID: CKV_AWS_136
Severity: LOW

Unencrypted ECR repositories

Description

TBA

Fix - Buildtime

Terraform

  • Resource: aws_ecr_repository
  • Argument: encryption_configuration.encryption_type
resource "aws_ecr_repository" "example" {
  ...
  name                 = "bar"
+ encryption_configuration {
+   encryption_type = "KMS"
+ }
}

CloudFormation

  • Resource: AWS::ECR::Repository
  • Argument: Properties.EncryptionConfiguration.EncryptionType
Resources:
  KMSEncryption:
    Type: AWS::ECR::Repository
    Properties: 
      ...
+     EncryptionConfiguration:
+       EncryptionType: "KMS"
        ...

Did this page help you?