Class: AWSCDK::ECR::CfnRepositoryCreationTemplate::EncryptionConfigurationProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
ecr/cfn_repository_creation_template.rb

Overview

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS ) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(encryption_type:, kms_key: nil) ⇒ EncryptionConfigurationProperty

Returns a new instance of EncryptionConfigurationProperty.

Parameters:

  • encryption_type (String)

    The encryption type to use.

  • kms_key (String, nil) (defaults to: nil)

    If you use the KMS encryption type, specify the AWS key to use for encryption.



631
632
633
634
635
636
# File 'ecr/cfn_repository_creation_template.rb', line 631

def initialize(encryption_type:, kms_key: nil)
  @encryption_type = encryption_type
  Jsii::Type.check_type(@encryption_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "encryptionType")
  @kms_key = kms_key
  Jsii::Type.check_type(@kms_key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "kmsKey") unless @kms_key.nil?
end

Instance Attribute Details

#encryption_typeString (readonly)

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS . When you use AWS to encrypt your data, you can either use the default AWS managed AWS key for Amazon ECR, or specify your own AWS key, which you already created.

If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS Management Service key stored in AWS . Similar to the KMS encryption type, you can either use the default AWS managed AWS key for Amazon ECR, or specify your own AWS key, which you've already created.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .



650
651
652
# File 'ecr/cfn_repository_creation_template.rb', line 650

def encryption_type
  @encryption_type
end

#kms_keyString? (readonly)

If you use the KMS encryption type, specify the AWS key to use for encryption.

The alias, key ID, or full ARN of the AWS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS key for Amazon ECR will be used.



657
658
659
# File 'ecr/cfn_repository_creation_template.rb', line 657

def kms_key
  @kms_key
end

Class Method Details

.jsii_propertiesObject



659
660
661
662
663
664
# File 'ecr/cfn_repository_creation_template.rb', line 659

def self.jsii_properties
  {
    :encryption_type => "encryptionType",
    :kms_key => "kmsKey",
  }
end

Instance Method Details

#to_jsiiObject



666
667
668
669
670
671
672
673
# File 'ecr/cfn_repository_creation_template.rb', line 666

def to_jsii
  result = {}
  result.merge!({
    "encryptionType" => @encryption_type,
    "kmsKey" => @kms_key,
  })
  result.compact
end