Unencrypted ECR repositories
Description
Encrypting your ECR repositories helps protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your repositories. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.
Code Example
go
resource "aws_ecr_repository" "example" {
...
name = "bar"
+ encryption_configuration {
+ encryption_type = "KMS"
+ }
}Remediation
Terraform
- Resource: aws_ecr_repository
- Arguments: encryption_configuration.encryption_type
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0186 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_136 |