github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ecr/AVD-AWS-0033/Terraform.md (about)

     1  
     2  Use customer managed keys
     3  
     4  ```hcl
     5   resource "aws_kms_key" "ecr_kms" {
     6   	enable_key_rotation = true
     7   }
     8   
     9   resource "aws_ecr_repository" "good_example" {
    10   	name                 = "bar"
    11   	image_tag_mutability = "MUTABLE"
    12     
    13   	image_scanning_configuration {
    14   	  scan_on_push = true
    15   	}
    16   
    17   	encryption_configuration {
    18   		encryption_type = "KMS"
    19   		kms_key = aws_kms_key.ecr_kms.key_id
    20   	}
    21     }
    22   
    23  ```
    24  
    25  #### Remediation Links
    26   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#encryption_configuration
    27