Copyright | (c) 2013-2021 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Documentation
data EncryptionConfiguration Source #
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256
encryption type is used, Amazon ECR uses server-side encryption with
Amazon S3-managed encryption keys which encrypts your data at rest using
an AES-256 encryption algorithm. This does not require any action on
your part.
For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.
See: newEncryptionConfiguration
smart constructor.
EncryptionConfiguration' | |
|
Instances
newEncryptionConfiguration Source #
Create a value of EncryptionConfiguration
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:kmsKey:EncryptionConfiguration'
, encryptionConfiguration_kmsKey
- If you use the KMS
encryption type, specify the KMS key to use for
encryption. The alias, key ID, or full ARN of the KMS key can be
specified. The key must exist in the same Region as the repository. If
no key is specified, the default Amazon Web Services managed KMS key for
Amazon ECR will be used.
$sel:encryptionType:EncryptionConfiguration'
, encryptionConfiguration_encryptionType
- The encryption type to use.
If you use the KMS
encryption type, the contents of the repository
will be encrypted using server-side encryption with Key Management
Service key stored in KMS. When you use KMS to encrypt your data, you
can either use the default Amazon Web Services managed KMS key for
Amazon ECR, or specify your own KMS key, which you already created. For
more information, see
Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)
in the Amazon Simple Storage Service Console Developer Guide..
If you use the AES256
encryption type, Amazon ECR uses server-side
encryption with Amazon S3-managed encryption keys which encrypts the
images in the repository using an AES-256 encryption algorithm. For more
information, see
Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)
in the Amazon Simple Storage Service Console Developer Guide..
encryptionConfiguration_kmsKey :: Lens' EncryptionConfiguration (Maybe Text) Source #
If you use the KMS
encryption type, specify the KMS key to use for
encryption. The alias, key ID, or full ARN of the KMS key can be
specified. The key must exist in the same Region as the repository. If
no key is specified, the default Amazon Web Services managed KMS key for
Amazon ECR will be used.
encryptionConfiguration_encryptionType :: Lens' EncryptionConfiguration EncryptionType Source #
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository
will be encrypted using server-side encryption with Key Management
Service key stored in KMS. When you use KMS to encrypt your data, you
can either use the default Amazon Web Services managed KMS key for
Amazon ECR, or specify your own KMS key, which you already created. For
more information, see
Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)
in the Amazon Simple Storage Service Console Developer Guide..
If you use the AES256
encryption type, Amazon ECR uses server-side
encryption with Amazon S3-managed encryption keys which encrypts the
images in the repository using an AES-256 encryption algorithm. For more
information, see
Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)
in the Amazon Simple Storage Service Console Developer Guide..