Amazon ECR transfers your container images over HTTPS and automatically encrypts them at rest using either AWS KMS or Amazon S3 server-side encryption. Instead of managing credentials directly on your EC2 instances, you can define policies for AWS Identity and Access Management (IAM) users and roles to manage permissions and control access to your images.
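An added example, not from the original page: a Python check of the two controls described above, run over constructed sample data. It assumes the `encryptionConfiguration` shape returned by `aws ecr describe-repositories` and a pull-only EC2 instance role; the account ID, repository names and key ARN are made up.

```python
# Constructed sample data: the account ID, repositories and key ARN are made up.
REPO_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/app"
REPOS = [
    {"repositoryName": "app", "encryptionConfiguration": {"encryptionType": "AES256"}},
    {"repositoryName": "billing", "encryptionConfiguration": {
        "encryptionType": "KMS",
        "kmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}},
]
PULL_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Auth", "Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Sid": "Pull", "Effect": "Allow", "Resource": REPO_ARN,
     "Action": ["ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]},
]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "All", "Effect": "Allow", "Action": "ecr:*", "Resource": "*"}]}

# Actions an instance role needs to pull images (IAM action names are case-insensitive).
PULL_ACTIONS = {"ecr:getauthorizationtoken", "ecr:batchchecklayeravailability",
                "ecr:getdownloadurlforlayer", "ecr:batchgetimage"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_pull_policy(policy):
    """Flag Allow statements that give an instance role more than image pull."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        ecr = [a for a in actions if a == "*" or a.startswith("ecr:")]
        findings += [f"{sid}: {a} exceeds pull-only access" for a in ecr if a not in PULL_ACTIONS]
        # GetAuthorizationToken cannot be scoped to a repository; the other actions should be.
        scoped = [a for a in ecr if a != "ecr:getauthorizationtoken"]
        if scoped and "*" in as_list(stmt.get("Resource", [])):
            findings.append(f'{sid}: Resource "*" covers every repository')
    return findings

def encryption_at_rest(repo):
    """Name the at-rest encryption mode recorded for a repository."""
    cfg = repo.get("encryptionConfiguration", {})
    kind = cfg.get("encryptionType", "unknown")
    if kind == "AES256":
        return "Amazon S3 server-side encryption (AES256)"
    if kind == "KMS":
        return "AWS KMS key " + cfg.get("kmsKey", "<not listed>")
    return "unrecognised encryption type: " + kind
```

The audit only inspects `Action` and `Resource` in `Allow` statements; policies that rely on `NotAction`, `NotResource` or conditions need a fuller evaluation.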