Images in the ECR repository are encrypted by default using AWS managed encryption keys. To increase control of the encryption and control the management of factors like key rotation, use a Customer Managed Key.
Using AWS managed keys does not allow for fine grained control
Use customer managed keys
The following example will fail the aws-ecr-repository-customer-key check.
The following example will pass the aws-ecr-repository-customer-key check.