Policy: AWS > ECR > Repository > Allowed > Encryption at Rest > Level

Define the encryption at rest rules for when a resource is allowed to exist.

This policy defines the required level of encryption for the resource. It will be evaluated by the Allowed control. If a resource does not meet the defined encryption requirements, it will be subject to the action specified in the Allowed > Encryption at Rest policy.

Targets

This policy targets the following resource types:

AWS > ECR > Repository

Primary Policy

This policy is used with the following primary policy:

AWS > ECR > Repository > Allowed > Encryption at Rest

Customer Managed Key

Controls

Setting this policy configures this control:

AWS > ECR > Repository > Allowed > Encryption at Rest

Policy Specification

Schema Type	`string`
Default	`None or higher`
Valid Values [YAML]	`None` `None or higher` `AWS SSE` `AWS SSE or higher` `AWS managed key` `AWS managed key or higher` `Customer managed key` `Encryption at Rest > Customer Managed Key`
Examples [YAML]	`None or higher`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceAllowed

Policy Type URI

tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel

GraphQL

query policyType(id: "tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-ecr#/policy/types/repositoryAllowedEncryptionAtRestLevel"