Allow configuration of ECR repository encryption · serverless/serverless#9083

(5 评论) (0 反应) (0 负责人)JavaScript (46,915 star) (5,734 fork)batch import

cat/lambda-imageenhancementhelp wanted

描述

Use case description

When using Docker images in Lambda, Serverless automatically creates an ECR repository using the default encryption settings, meaning it must be manually managed to use a customer-managed KMS key for encryption.

Proposed solution

Add optional configuration of a customer-managed KMS key for the ECR repository through serverless.yml.

贡献者指南

技术栈: javascriptnodejs
领域: clouddevops
议题类型: feature
难度: 3
预计时间: half day
活动状态: stale
清晰度: mostly clear
前置要求: Basic knowledge of Serverless FrameworkFamiliarity with AWS ECR and KMS
新手友好度: 35
研究方向: Examine how the Serverless Framework creates ECR repositories, likely in the AWS packaging plugin (e.g., `lib/plugins/aws/package/compile/compileFunctions.js`). Look at the default encryption settings and how other infrastructure resources (like S3 buckets) allow custom KMS key configuration. Then propose a new configuration option in `serverless.yml` (e.g., under `provider.ecrRepositoryEncryption`) and implement the logic to pass the KMS key ID to the ECR repository creation API call. Ensure backward compatibility by defaulting to AWS managed keys if no configuration is provided.