AWS ECR Repository has at-rest encryption disabled which may cause sensitive data exposure.
Amazon ECR stores images in Amazon S3 buckets that Amazon ECR manages. By default, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys. To use a customer-managed key, a new repository will need to be created. To do so, follow the steps below.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository