libZSservicesZSamazonka-ecrZSamazonka-ecr
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.ECR.Types.EncryptionConfiguration

Description

 
Synopsis

Documentation

data EncryptionConfiguration Source #

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.

For more control over the encryption of the contents of your repository, you can use server-side encryption with Key Management Service key stored in Key Management Service (KMS) to encrypt your images. For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

See: newEncryptionConfiguration smart constructor.

Constructors

EncryptionConfiguration' 

Fields

  • kmsKey :: Maybe Text

    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

  • encryptionType :: EncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide..

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide..

Instances

Instances details
Eq EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

Read EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

Show EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

Generic EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

Associated Types

type Rep EncryptionConfiguration :: Type -> Type #

NFData EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

Methods

rnf :: EncryptionConfiguration -> () #

Hashable EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

ToJSON EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

FromJSON EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

type Rep EncryptionConfiguration Source # 
Instance details

Defined in Amazonka.ECR.Types.EncryptionConfiguration

type Rep EncryptionConfiguration = D1 ('MetaData "EncryptionConfiguration" "Amazonka.ECR.Types.EncryptionConfiguration" "libZSservicesZSamazonka-ecrZSamazonka-ecr" 'False) (C1 ('MetaCons "EncryptionConfiguration'" 'PrefixI 'True) (S1 ('MetaSel ('Just "kmsKey") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "encryptionType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 EncryptionType)))

newEncryptionConfiguration Source #

Create a value of EncryptionConfiguration with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:kmsKey:EncryptionConfiguration', encryptionConfiguration_kmsKey - If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

$sel:encryptionType:EncryptionConfiguration', encryptionConfiguration_encryptionType - The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide..

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide..

encryptionConfiguration_kmsKey :: Lens' EncryptionConfiguration (Maybe Text) Source #

If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

encryptionConfiguration_encryptionType :: Lens' EncryptionConfiguration EncryptionType Source #

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide..

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide..