EncryptionConfigurationForRepositoryCreationTemplate

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Amazon Key Management Service key stored in Amazon KMS. When you use Amazon KMS to encrypt your data, you can either use the default Amazon managed Amazon KMS key for Amazon ECR, or specify your own Amazon KMS key, which you already created. For more information, see Protecting data using server-side encryption with an Amazon KMS key stored in Amazon Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

Type: String

Valid Values: AES256 | KMS

Required: Yes

If you use the KMS encryption type, specify the Amazon KMS key to use for encryption. The full ARN of the Amazon KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon managed Amazon KMS key for Amazon ECR will be used.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: ^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\/[a-z0-9-]+

Required: No