Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-ecr): Repository construct is missing EncryptionConfiguration #15400

Closed
2 tasks
nikovirtala opened this issue Jul 2, 2021 · 3 comments · Fixed by #16966
Closed
2 tasks

(aws-ecr): Repository construct is missing EncryptionConfiguration #15400

nikovirtala opened this issue Jul 2, 2021 · 3 comments · Fixed by #16966
Labels
@aws-cdk/aws-ecr Related to Amazon Elastic Container Registry effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2

Comments

@nikovirtala
Copy link
Contributor

Add missing EncryptionConfiguration to the ECR Repository construct.

Use Case

I want to be able to encrypt the container images stored to ECR with a KMS customer managed key (CMK).

Proposed Solution

Add missing EncryptionConfiguration to the ECR Repository construct.

Other

This feature has been available on ECR since July 2020:

CloudFormation, as well as the CDK L1 construct, supports it:

You can work around this with an escape hatch, but it should not be necessary.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@nikovirtala nikovirtala added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 2, 2021
@nikovirtala nikovirtala changed the title (aws-ecs): Repository construct is missing EncryptionConfiguration (aws-ecr): Repository construct is missing EncryptionConfiguration Jul 2, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ecr Related to Amazon Elastic Container Registry label Jul 2, 2021
@madeline-k
Copy link
Contributor

Agreed this would be a great feature to add! @nikovirtala I am triaging this as a p2, which means the CDK team will not be able to prioritize it right now. But we always welcome contributions! Check out the contributing guide for instructions on how to submit a PR.

@madeline-k madeline-k added good first issue Related to contributions. See CONTRIBUTING.md effort/small Small work item – less than a day of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jul 13, 2021
@madeline-k madeline-k removed their assignment Jul 13, 2021
@nohack nohack mentioned this issue Jul 15, 2021
Closed
@nohack
Copy link
Contributor

nohack commented Jul 15, 2021

@madeline-k created a pr for this.thanks.

@Wurstnase Wurstnase mentioned this issue Oct 13, 2021
Merged
@mergify mergify bot closed this as completed in #16966 Jan 31, 2022
mergify bot pushed a commit that referenced this issue Jan 31, 2022
@Wurstnase
feat(ecr): add server-side encryption configuration (#16966)
c46acd5 
fixes #15400

With this request you will be able to configure the encryption of your ECR Repository.

Before this patch you need to use a L1-Construct and add it via:

Python:
```python
repo = ecr.Repository(stack, 'Repo')
cfn_repo = repo.node.default_child
cfn_repo.encryption_configuration = CfnRepository.EncryptionConfigurationProperty(encryption_type="KMS")
```
Now this becomes:
```python
repo = ecr.Repository(stack, 'Repo', encryption_type=ecr.RepositoryEncryption.KMS)
```

When using a KMS Key, the `encryption_type` is set automatically to `KMS`.
```python
kms_key = kms.Key(stack, 'Key')
ecr.Repository(stack, 'Repo', encryption_key=kms_key)
```

Similar to #15571

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Feb 21, 2022
@Wurstnase @TikiTDO
feat(ecr): add server-side encryption configuration (aws#16966)
8311654 
fixes aws#15400

With this request you will be able to configure the encryption of your ECR Repository.

Before this patch you need to use a L1-Construct and add it via:

Python:
```python
repo = ecr.Repository(stack, 'Repo')
cfn_repo = repo.node.default_child
cfn_repo.encryption_configuration = CfnRepository.EncryptionConfigurationProperty(encryption_type="KMS")
```
Now this becomes:
```python
repo = ecr.Repository(stack, 'Repo', encryption_type=ecr.RepositoryEncryption.KMS)
```

When using a KMS Key, the `encryption_type` is set automatically to `KMS`.
```python
kms_key = kms.Key(stack, 'Key')
ecr.Repository(stack, 'Repo', encryption_key=kms_key)
```

Similar to aws#15571

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ecr Related to Amazon Elastic Container Registry effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2
Projects
None yet
Milestone
No milestone
3 participants
@nikovirtala @nohack @madeline-k