This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::ECR::RepositoryCreationTemplate EncryptionConfiguration
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256
            encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption
            keys which encrypts your data at rest using an AES256 encryption algorithm. This does
            not require any action on your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with Amazon Key Management Service key stored in Amazon Key Management Service (Amazon KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "EncryptionType" :String, "KmsKey" :String}
YAML
EncryptionType:StringKmsKey:String
Properties
- EncryptionType
- 
                    The encryption type to use. If you use the KMSencryption type, the contents of the repository will be encrypted using server-side encryption with Amazon Key Management Service key stored in Amazon KMS. When you use Amazon KMS to encrypt your data, you can either use the default Amazon managed Amazon KMS key for Amazon ECR, or specify your own Amazon KMS key, which you already created.If you use the KMS_DSSEencryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the Amazon KMS Management Service key stored in Amazon KMS. Similar to theKMSencryption type, you can either use the default Amazon managed Amazon KMS key for Amazon ECR, or specify your own Amazon KMS key, which you've already created.If you use the AES256encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide. Required: Yes Type: String Allowed values: AES256 | KMS | KMS_DSSEUpdate requires: No interruption 
- KmsKey
- 
                    If you use the KMSencryption type, specify the Amazon KMS key to use for encryption. The alias, key ID, or full ARN of the Amazon KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon managed Amazon KMS key for Amazon ECR will be used.Required: No Type: String Minimum: 1Maximum: 2048Update requires: No interruption