Samuel Baruffi
AWS Guest Author
 Jan 31, 2023 6 min read

Configuring KMS encryption at rest on ECR repositories with ECR replication


In this blog post, you’ll learn how to configure AWS Key Management Service (AWS KMS) encryption at rest on Amazon Elastic Container Registry (Amazon ECR) repositories that use image replication. By default, repository settings aren’t replicated. With the information in this article, your organization can put security first while using the AWS tools and services that your teams are familiar with.

Customers in environments that are sensitive to compliance and regulatory concerns often want to enable encryption whenever possible. Enterprises want to secure their data footprints in transit and at rest, and container images are no exception to this posture.

With AWS KMS and Amazon ECR image replication, we can transfer the images across AWS Regions or AWS accounts, giving your business high availability while protecting your data in transit within the cloud.
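Because repository settings aren’t replicated, a repository in the destination Region can end up without the KMS configuration of its source. The check below is an added example, not code from the original post: it compares constructed `aws ecr describe-repositories` output for us-east-1 and us-west-2 and reports source KMS repositories whose destination copy is missing or not KMS-encrypted. Repository names, the account ID and the key IDs are placeholders.

```python
import json

# Constructed sample data in the shape of `aws ecr describe-repositories` output.
# Account ID, key IDs and repository names are placeholders, not real resources.
SRC_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-SOURCE-KEY"
DST_KEY = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-DEST-KEY"
SOURCE_JSON = json.dumps({"repositories": [
    {"repositoryName": "payments/api",
     "encryptionConfiguration": {"encryptionType": "KMS", "kmsKey": SRC_KEY}},
    {"repositoryName": "payments/worker",
     "encryptionConfiguration": {"encryptionType": "KMS", "kmsKey": SRC_KEY}},
    {"repositoryName": "payments/batch",
     "encryptionConfiguration": {"encryptionType": "KMS", "kmsKey": SRC_KEY}},
    {"repositoryName": "tools/base",
     "encryptionConfiguration": {"encryptionType": "AES256"}},
]})
DEST_JSON = json.dumps({"repositories": [
    {"repositoryName": "payments/api",
     "encryptionConfiguration": {"encryptionType": "KMS", "kmsKey": DST_KEY}},
    {"repositoryName": "payments/worker",
     "encryptionConfiguration": {"encryptionType": "AES256"}},
]})

def encryption_by_repo(describe_output):
    """Map repositoryName -> encryptionType from describe-repositories JSON."""
    result = {}
    for repo in json.loads(describe_output)["repositories"]:
        cfg = repo.get("encryptionConfiguration", {})
        # Assumption: a repository with no explicit setting uses the AES256 default.
        result[repo["repositoryName"]] = cfg.get("encryptionType", "AES256")
    return result

def audit_replicas(source_output, dest_output):
    """Return (repo, finding) for each source KMS repo whose replica is weaker."""
    source = encryption_by_repo(source_output)
    dest = encryption_by_repo(dest_output)
    findings = []
    for name in sorted(source):
        if source[name] != "KMS":
            continue  # source is not KMS-encrypted, nothing to match
        if name not in dest:
            findings.append((name, "MISSING"))  # not yet created with KMS
        elif dest[name] != "KMS":
            findings.append((name, "NOT_KMS"))  # replica lost the KMS setting
    return findings

if __name__ == "__main__":
    for repo, finding in audit_replicas(SOURCE_JSON, DEST_JSON):
        print(f"us-west-2 {repo}: {finding}")
```

In practice the two inputs would come from running `aws ecr describe-repositories` once per Region and saving the JSON output.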


For cross-Region replication, below is the diagram for our solution:

Architecture diagram for cross-Region Amazon ECR replication with AWS KMS key encryption from us-east-1 to us-west-2

The following diagram shows our …