This package contains constructs for working with Amazon Elastic Container Registry.
Define a repository by creating a new instance of Repository. A repository holds multiple versions of a single container image.
const repository = new ecr.Repository(this, 'Repository');
Amazon ECR image scanning helps identify software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository that scans on push, enable imageScanOnPush in the properties:
const repository = new ecr.Repository(stack, 'Repo', {
  imageScanOnPush: true
});
To create an onImageScanCompleted event rule and trigger the event target:
repository.onImageScanCompleted('ImageScanComplete')
.addTarget(...)
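As an added example (not part of the CDK documentation), the following Python handler is the kind of function that could be attached as the rule's target to decide whether a scanned image may be promoted. The field names follow the `ECR Image Scan` EventBridge event; the thresholds, function names and the sample event are assumptions constructed for illustration.

```python
"""Gate on ECR scan results delivered by an onImageScanCompleted rule (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed policy: maximum tolerated findings per severity.
# Severities not listed here are not limited.
DEFAULT_THRESHOLDS: Dict[str, int] = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 10}

# Constructed sample event in the shape EventBridge delivers for a finished scan.
SAMPLE_EVENT = {
    "source": "aws.ecr",
    "detail-type": "ECR Image Scan",
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "example-repo",
        "image-digest": "sha256:" + "0" * 64,   # placeholder digest
        "image-tags": ["build-990"],
        "finding-severity-counts": {"CRITICAL": 2, "MEDIUM": 9},
    },
}


@dataclass
class ScanVerdict:
    repository: str
    digest: str            # decisions are keyed by digest: tags can be moved
    tags: List[str]
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_scan_event(event: dict,
                        thresholds: Optional[Dict[str, int]] = None) -> ScanVerdict:
    """Turn one scan-completed event into an allow/block decision."""
    thresholds = DEFAULT_THRESHOLDS if thresholds is None else thresholds
    if event.get("source") != "aws.ecr" or event.get("detail-type") != "ECR Image Scan":
        raise ValueError("not an ECR image scan event")

    detail = event.get("detail", {})
    verdict = ScanVerdict(
        repository=detail.get("repository-name", ""),
        digest=detail.get("image-digest", ""),
        tags=list(detail.get("image-tags", [])),
        allowed=True,
    )

    # Fail closed: a scan that did not complete says nothing about the image.
    status = detail.get("scan-status")
    if status != "COMPLETE":
        verdict.allowed = False
        verdict.reasons.append(f"scan-status is {status!r}, not COMPLETE")
        return verdict

    counts = detail.get("finding-severity-counts") or {}
    for severity, limit in thresholds.items():
        found = int(counts.get(severity, 0))
        if found > limit:
            verdict.allowed = False
            verdict.reasons.append(f"{found} {severity} finding(s), limit {limit}")
    return verdict


def handler(event, context=None):
    """Lambda-style entry point returning a JSON-serialisable decision."""
    v = evaluate_scan_event(event)
    return {"repository": v.repository, "digest": v.digest,
            "tags": v.tags, "allowed": v.allowed, "reasons": v.reasons}


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```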
Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods, and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at Registry Authentication.
A Docker authorization token can be obtained using the GetAuthorizationToken ECR API. The following code snippet grants an IAM user access to call this API.
import * as iam from '@aws-cdk/aws-iam';
import * as ecr from '@aws-cdk/aws-ecr';
const user = new iam.User(this, 'User', { ... });
ecr.AuthorizationToken.grantRead(user);
If you access images in the Public ECR Gallery as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits.
See Pricing in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and Service quotas.
The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery.
import * as iam from '@aws-cdk/aws-iam';
import * as ecr from '@aws-cdk/aws-ecr';
const user = new iam.User(this, 'User', { ... });
ecr.PublicGalleryAuthorizationToken.grantRead(user);
This user can then proceed to log in to the registry using one of the authentication methods.
You can set tag immutability on images in your repository using the imageTagMutability construct prop.
new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here):
repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) });
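The following added example (not CDK code) models the first-match behaviour described above, together with the priority constraints listed in the LifecycleRule reference further down, and shows how rule order changes which images expire. The `Rule` and `Image` classes, the `prod-canary` rule and the sample images are constructed for illustration. The model is simplified: untagged-only rules are not modelled, and numbering the unprioritised Any rule last is this sketch's own choice for satisfying the "highest rulePriority" constraint.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass
class Rule:
    description: str
    tag_prefix_list: Optional[List[str]] = None   # None models TagStatus.Any
    max_image_count: Optional[int] = None
    max_image_age_days: Optional[int] = None
    rule_priority: Optional[int] = None


@dataclass
class Image:
    image_id: str      # constructed label standing in for an image digest
    tags: List[str]
    age_days: int      # days since the image was pushed


def assign_priorities(rules: List[Rule]) -> List[Rule]:
    """Validate the rules and return copies in evaluation order (low number first)."""
    rules = [replace(r) for r in rules]
    for r in rules:
        if (r.max_image_count is None) == (r.max_image_age_days is None):
            raise ValueError(f"{r.description}: specify exactly one of count and age")
    if sum(r.tag_prefix_list is None for r in rules) > 1:
        raise ValueError("only one rule may have tagStatus Any")
    explicit = [r.rule_priority for r in rules if r.rule_priority is not None]
    if len(set(explicit)) != len(explicit):
        raise ValueError("rule priorities must be unique")
    # Unprioritised rules get incrementing priorities above every explicit one.
    pending = [r for r in rules if r.rule_priority is None]
    pending.sort(key=lambda r: r.tag_prefix_list is None)  # stable sort: Any rule last
    next_priority = max(explicit, default=0) + 1
    for r in pending:
        r.rule_priority = next_priority
        next_priority += 1
    ordered = sorted(rules, key=lambda r: r.rule_priority)
    if any(r.tag_prefix_list is None for r in ordered[:-1]):
        raise ValueError("the tagStatus Any rule must have the highest rulePriority")
    return ordered


def matches(rule: Rule, image: Image) -> bool:
    """An Any rule selects everything; otherwise ALL prefixes must match some tag."""
    if rule.tag_prefix_list is None:
        return True
    return all(any(t.startswith(p) for t in image.tags) for p in rule.tag_prefix_list)


def expired_images(rules: List[Rule], images: List[Image]) -> List[str]:
    """Return the sorted ids of images the rule set would expire."""
    ordered = assign_priorities(rules)
    claimed: Dict[str, Rule] = {}
    for img in images:
        for r in ordered:              # first matching rule wins
            if matches(r, img):
                claimed[img.image_id] = r
                break
    expired: List[str] = []
    for r in ordered:
        mine = sorted((i for i in images if claimed.get(i.image_id) is r),
                      key=lambda i: i.age_days)          # newest first
        if r.max_image_count is not None:
            doomed = mine[r.max_image_count:]            # keep the newest N
        else:
            doomed = [i for i in mine if i.age_days > r.max_image_age_days]
        expired.extend(i.image_id for i in doomed)
    return sorted(expired)


def readme_rules() -> List[Rule]:
    """The two rules from the snippet above."""
    return [Rule("keep prod", tag_prefix_list=["prod"], max_image_count=9999),
            Rule("expire after 30 days", max_image_age_days=30)]


# Hypothetical extra rule, used only to show the effect of ordering.
CANARY = Rule("short-lived canaries", tag_prefix_list=["prod-canary"], max_image_age_days=7)

SAMPLE_IMAGES = [   # constructed inventory
    Image("img-prod-old", ["prod-1.4"], 200),
    Image("img-canary", ["prod-canary-7"], 20),
    Image("img-build-old", ["build-981"], 45),
    Image("img-build-new", ["build-990"], 3),
    Image("img-untagged-old", [], 60),
]

if __name__ == "__main__":
    print("README rules:      ", expired_images(readme_rules(), SAMPLE_IMAGES))
    print("canary added last: ", expired_images(readme_rules() + [CANARY], SAMPLE_IMAGES))
    print("canary added first:", expired_images([CANARY] + readme_rules(), SAMPLE_IMAGES))
```

Added after the `prod` rule, the canary rule never fires because every `prod-canary` tag already matches the `prod` prefix; added before it, the 20-day-old canary image expires.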
- Implements: aws_cdk.core.IInspectable
A CloudFormation AWS::ECR::PublicRepository.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnPublicRepository(scope: aws_cdk.core.Construct,
id: builtins.str,
repository_catalog_data: typing.Any = None,
repository_name: builtins.str = None,
repository_policy_text: typing.Any = None,
tags: typing.List[aws_cdk.core.CfnTag] = None)
- Type: aws_cdk.core.Construct
scope in which this resource is defined.
- Type: builtins.str
scoped id of the resource.
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryCatalogData.
- Type: builtins.str
AWS::ECR::PublicRepository.RepositoryName.
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryPolicyText.
- Type: typing.List[aws_cdk.core.CfnTag]
AWS::ECR::PublicRepository.Tags.
def inspect(inspector: aws_cdk.core.TreeInspector)
tree inspector to collect and process attributes.
- Type: builtins.str
- Type: aws_cdk.core.TagManager
AWS::ECR::PublicRepository.Tags.
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryCatalogData.
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryPolicyText.
- Type: builtins.str
AWS::ECR::PublicRepository.RepositoryName.
- Type: builtins.str
The CloudFormation resource type name for this resource class.
- Implements: aws_cdk.core.IInspectable
A CloudFormation AWS::ECR::RegistryPolicy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnRegistryPolicy(scope: aws_cdk.core.Construct,
id: builtins.str,
policy_text: typing.Any)
- Type: aws_cdk.core.Construct
scope in which this resource is defined.
- Type: builtins.str
scoped id of the resource.
- Type: typing.Any
AWS::ECR::RegistryPolicy.PolicyText.
def inspect(inspector: aws_cdk.core.TreeInspector)
tree inspector to collect and process attributes.
- Type: builtins.str
- Type: typing.Any
AWS::ECR::RegistryPolicy.PolicyText.
- Type: builtins.str
The CloudFormation resource type name for this resource class.
- Implements: aws_cdk.core.IInspectable
A CloudFormation AWS::ECR::ReplicationConfiguration.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnReplicationConfiguration(scope: aws_cdk.core.Construct,
id: builtins.str,
replication_configuration: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty])
- Type: aws_cdk.core.Construct
scope in which this resource is defined.
- Type: builtins.str
scoped id of the resource.
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty]
AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.
def inspect(inspector: aws_cdk.core.TreeInspector)
tree inspector to collect and process attributes.
- Type: builtins.str
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty]
AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.
- Type: builtins.str
The CloudFormation resource type name for this resource class.
- Implements: aws_cdk.core.IInspectable
A CloudFormation AWS::ECR::Repository.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnRepository(scope: aws_cdk.core.Construct,
id: builtins.str,
encryption_configuration: typing.Any = None,
image_scanning_configuration: typing.Any = None,
image_tag_mutability: builtins.str = None,
lifecycle_policy: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty] = None,
repository_name: builtins.str = None,
repository_policy_text: typing.Any = None,
tags: typing.List[aws_cdk.core.CfnTag] = None)
- Type: aws_cdk.core.Construct
scope in which this resource is defined.
- Type: builtins.str
scoped id of the resource.
- Type: typing.Any
AWS::ECR::Repository.EncryptionConfiguration.
- Type: typing.Any
AWS::ECR::Repository.ImageScanningConfiguration.
- Type: builtins.str
AWS::ECR::Repository.ImageTagMutability.
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty]
AWS::ECR::Repository.LifecyclePolicy.
- Type: builtins.str
AWS::ECR::Repository.RepositoryName.
- Type: typing.Any
AWS::ECR::Repository.RepositoryPolicyText.
- Type: typing.List[aws_cdk.core.CfnTag]
AWS::ECR::Repository.Tags.
def inspect(inspector: aws_cdk.core.TreeInspector)
tree inspector to collect and process attributes.
- Type: builtins.str
- Type: builtins.str
- Type: aws_cdk.core.TagManager
AWS::ECR::Repository.Tags.
- Type: typing.Any
AWS::ECR::Repository.EncryptionConfiguration.
- Type: typing.Any
AWS::ECR::Repository.ImageScanningConfiguration.
- Type: typing.Any
AWS::ECR::Repository.RepositoryPolicyText.
- Type: builtins.str
AWS::ECR::Repository.ImageTagMutability.
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty]
AWS::ECR::Repository.LifecyclePolicy.
- Type: builtins.str
AWS::ECR::Repository.RepositoryName.
- Type: builtins.str
The CloudFormation resource type name for this resource class.
Define an ECR repository.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.Repository(scope: constructs.Construct,
id: builtins.str,
image_scan_on_push: builtins.bool = None,
image_tag_mutability: aws_cdk.aws_ecr.TagMutability = None,
lifecycle_registry_id: builtins.str = None,
lifecycle_rules: typing.List[aws_cdk.aws_ecr.LifecycleRule] = None,
removal_policy: aws_cdk.core.RemovalPolicy = None,
repository_name: builtins.str = None)
- Type:
constructs.Construct
- Type:
builtins.str
- Type:
builtins.bool
- Default: false
Enable the scan on push when creating the repository.
- Type:
aws_cdk.aws_ecr.TagMutability
- Default: TagMutability.MUTABLE
The tag mutability setting for the repository.
If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
- Type:
builtins.str
- Default: The default registry is assumed.
The AWS account ID associated with the registry that contains the repository.
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html
- Type: typing.List[aws_cdk.aws_ecr.LifecycleRule]
- Default: No life cycle rules
Life cycle rules to apply to this registry.
- Type:
aws_cdk.core.RemovalPolicy
- Default: RemovalPolicy.Retain
Determine what happens to the repository when the resource/stack is deleted.
- Type:
builtins.str
- Default: Automatically generated name.
Name for this repository.
def add_lifecycle_rule(description: builtins.str = None,
max_image_age: aws_cdk.core.Duration = None,
max_image_count: typing.Union[int, float] = None,
rule_priority: typing.Union[int, float] = None,
tag_prefix_list: typing.List[builtins.str] = None,
tag_status: aws_cdk.aws_ecr.TagStatus = None)
- Type:
builtins.str
- Default: No description
Describes the purpose of the rule.
- Type:
aws_cdk.core.Duration
The maximum age of images to retain. The value must represent a number of days.
Specify exactly one of maxImageCount and maxImageAge.
- Type: typing.Union[int, float]
The maximum number of images to retain.
Specify exactly one of maxImageCount and maxImageAge.
- Type: typing.Union[int, float]
- Default: Automatically assigned
Controls the order in which rules are evaluated (low to high).
All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image.
There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority.
All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.
- Type: typing.List[builtins.str]
Select images that have ALL the given prefixes in their tag.
Only if tagStatus == TagStatus.Tagged
- Type:
aws_cdk.aws_ecr.TagStatus
- Default: TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise
Select images based on tags.
Only one rule is allowed to select untagged images, and it must have the highest rulePriority.
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.Repository.arn_for_local_repository(repository_name: builtins.str,
scope: constructs.IConstruct,
account: builtins.str = None)
- Type:
builtins.str
- Type:
constructs.IConstruct
- Type:
builtins.str
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.Repository.from_repository_arn(scope: constructs.Construct,
id: builtins.str,
repository_arn: builtins.str)
- Type:
constructs.Construct
- Type:
builtins.str
- Type:
builtins.str
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.Repository.from_repository_attributes(scope: constructs.Construct,
id: builtins.str,
repository_arn: builtins.str,
repository_name: builtins.str)
- Type:
constructs.Construct
- Type:
builtins.str
- Type:
builtins.str
- Type:
builtins.str
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.Repository.from_repository_name(scope: constructs.Construct,
id: builtins.str,
repository_name: builtins.str)
- Type:
constructs.Construct
- Type:
builtins.str
- Type:
builtins.str
- Type:
builtins.str
The ARN of the repository.
- Type:
builtins.str
The name of the repository.
- Implements: aws_cdk.aws_ecr.IRepository
Base class for ECR repository.
Reused between imported repositories and owned repositories.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.RepositoryBase(scope: constructs.Construct,
id: builtins.str,
account: builtins.str = None,
environment_from_arn: builtins.str = None,
physical_name: builtins.str = None,
region: builtins.str = None)
- Type:
constructs.Construct
- Type:
builtins.str
- Type:
builtins.str
- Default: the resource is in the same account as the stack it belongs to
The AWS account ID this resource belongs to.
- Type: builtins.str
- Default: take environment from account, region parameters, or use Stack environment.
ARN to deduce region and account from.
The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources.
Cannot be supplied together with either account or region.
- Type:
builtins.str
- Default: The physical name will be allocated by CloudFormation at deployment time
The value passed in by users to the physical name prop of the resource.
- undefined implies that a physical name will be allocated by CloudFormation during deployment.
- a concrete value implies a specific physical name
- PhysicalName.GENERATE_IF_NEEDED is a marker that indicates that a physical name will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
- Type:
builtins.str
- Default: the resource is in the same region as the stack it belongs to
The AWS region this resource belongs to.
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
def grant(grantee: aws_cdk.aws_iam.IGrantable,
actions: builtins.str)
- Type:
builtins.str
def grant_pull(grantee: aws_cdk.aws_iam.IGrantable)
def grant_pull_push(grantee: aws_cdk.aws_iam.IGrantable)
def on_cloud_trail_event(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
def on_cloud_trail_image_pushed(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tag: builtins.str = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type:
builtins.str
- Default: Watch changes to all tags
Only watch changes to this image tag.
def on_event(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None)
- Type:
builtins.str
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
def on_image_scan_completed(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tags: typing.List[builtins.str] = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type: typing.List[builtins.str]
- Default: Watch the changes to the repository with all image tags
Only watch changes to the image tags specified.
Leave it undefined to watch the full repository.
def repository_uri_for_digest(digest: builtins.str = None)
- Type:
builtins.str
Optional image digest.
def repository_uri_for_tag(tag: builtins.str = None)
- Type:
builtins.str
Optional image tag.
- Type:
builtins.str
The ARN of the repository.
- Type:
builtins.str
The name of the repository.
- Type:
builtins.str
The URI of this repository (represents the latest image):
ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
Properties for defining an AWS::ECR::PublicRepository.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnPublicRepositoryProps(repository_catalog_data: typing.Any = None,
repository_name: builtins.str = None,
repository_policy_text: typing.Any = None,
tags: typing.List[aws_cdk.core.CfnTag] = None)
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryCatalogData.
- Type: builtins.str
AWS::ECR::PublicRepository.RepositoryName.
- Type: typing.Any
AWS::ECR::PublicRepository.RepositoryPolicyText.
- Type: typing.List[aws_cdk.core.CfnTag]
AWS::ECR::PublicRepository.Tags.
Properties for defining an AWS::ECR::RegistryPolicy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnRegistryPolicyProps(policy_text: typing.Any)
- Type: typing.Any
AWS::ECR::RegistryPolicy.PolicyText.
Properties for defining an AWS::ECR::ReplicationConfiguration.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnReplicationConfigurationProps(replication_configuration: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty])
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty]
AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.
Properties for defining an AWS::ECR::Repository.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnRepositoryProps(encryption_configuration: typing.Any = None,
image_scanning_configuration: typing.Any = None,
image_tag_mutability: builtins.str = None,
lifecycle_policy: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty] = None,
repository_name: builtins.str = None,
repository_policy_text: typing.Any = None,
tags: typing.List[aws_cdk.core.CfnTag] = None)
- Type: typing.Any
AWS::ECR::Repository.EncryptionConfiguration.
- Type: typing.Any
AWS::ECR::Repository.ImageScanningConfiguration.
- Type: builtins.str
AWS::ECR::Repository.ImageTagMutability.
- Type: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty]
AWS::ECR::Repository.LifecyclePolicy.
- Type: builtins.str
AWS::ECR::Repository.RepositoryName.
- Type: typing.Any
AWS::ECR::Repository.RepositoryPolicyText.
- Type: typing.List[aws_cdk.core.CfnTag]
AWS::ECR::Repository.Tags.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty(lifecycle_policy_text: builtins.str = None,
registry_id: builtins.str = None)
- Type: builtins.str
CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText.
- Type: builtins.str
CfnRepository.LifecyclePolicyProperty.RegistryId.
An ECR life cycle rule.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.LifecycleRule(description: builtins.str = None,
max_image_age: aws_cdk.core.Duration = None,
max_image_count: typing.Union[int, float] = None,
rule_priority: typing.Union[int, float] = None,
tag_prefix_list: typing.List[builtins.str] = None,
tag_status: aws_cdk.aws_ecr.TagStatus = None)
- Type:
builtins.str
- Default: No description
Describes the purpose of the rule.
- Type:
aws_cdk.core.Duration
The maximum age of images to retain. The value must represent a number of days.
Specify exactly one of maxImageCount and maxImageAge.
- Type: typing.Union[int, float]
The maximum number of images to retain.
Specify exactly one of maxImageCount and maxImageAge.
- Type: typing.Union[int, float]
- Default: Automatically assigned
Controls the order in which rules are evaluated (low to high).
All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image.
There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority.
All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.
- Type: typing.List[builtins.str]
Select images that have ALL the given prefixes in their tag.
Only if tagStatus == TagStatus.Tagged
- Type:
aws_cdk.aws_ecr.TagStatus
- Default: TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise
Select images based on tags.
Only one rule is allowed to select untagged images, and it must have the highest rulePriority.
Options for the onCloudTrailImagePushed method.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions(description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tag: builtins.str = None)
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type:
builtins.str
- Default: Watch changes to all tags
Only watch changes to this image tag.
Options for the OnImageScanCompleted method.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.OnImageScanCompletedOptions(description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tags: typing.List[builtins.str] = None)
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type: typing.List[builtins.str]
- Default: Watch the changes to the repository with all image tags
Only watch changes to the image tags specified.
Leave it undefined to watch the full repository.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty(rules: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty]]])
- Type: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty]]]
CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty(region: builtins.str,
registry_id: builtins.str)
- Type: builtins.str
CfnReplicationConfiguration.ReplicationDestinationProperty.Region.
- Type: builtins.str
CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty(destinations: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty]]])
- Type: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty]]]
CfnReplicationConfiguration.ReplicationRuleProperty.Destinations.
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.RepositoryAttributes(repository_arn: builtins.str,
repository_name: builtins.str)
- Type:
builtins.str
- Type:
builtins.str
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.RepositoryProps(image_scan_on_push: builtins.bool = None,
image_tag_mutability: aws_cdk.aws_ecr.TagMutability = None,
lifecycle_registry_id: builtins.str = None,
lifecycle_rules: typing.List[aws_cdk.aws_ecr.LifecycleRule] = None,
removal_policy: aws_cdk.core.RemovalPolicy = None,
repository_name: builtins.str = None)
- Type:
builtins.bool
- Default: false
Enable the scan on push when creating the repository.
- Type:
aws_cdk.aws_ecr.TagMutability
- Default: TagMutability.MUTABLE
The tag mutability setting for the repository.
If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.
- Type:
builtins.str
- Default: The default registry is assumed.
The AWS account ID associated with the registry that contains the repository.
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html
- Type: typing.List[aws_cdk.aws_ecr.LifecycleRule]
- Default: No life cycle rules
Life cycle rules to apply to this registry.
- Type:
aws_cdk.core.RemovalPolicy
- Default: RemovalPolicy.Retain
Determine what happens to the repository when the resource/stack is deleted.
- Type:
builtins.str
- Default: Automatically generated name.
Name for this repository.
Authorization token to access private ECR repositories in the current environment via Docker CLI.
https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.AuthorizationToken.grant_read(grantee: aws_cdk.aws_iam.IGrantable)
Authorization token to access the global public ECR Gallery via Docker CLI.
https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth
import aws_cdk.aws_ecr
aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read(grantee: aws_cdk.aws_iam.IGrantable)
- Extends: aws_cdk.core.IResource
- Implemented By: aws_cdk.aws_ecr.Repository, aws_cdk.aws_ecr.RepositoryBase, aws_cdk.aws_ecr.IRepository
Represents an ECR repository.
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
def grant(grantee: aws_cdk.aws_iam.IGrantable,
actions: builtins.str)
- Type:
builtins.str
def grant_pull(grantee: aws_cdk.aws_iam.IGrantable)
def grant_pull_push(grantee: aws_cdk.aws_iam.IGrantable)
def on_cloud_trail_event(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
def on_cloud_trail_image_pushed(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tag: builtins.str = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type:
builtins.str
- Default: Watch changes to all tags
Only watch changes to this image tag.
def on_event(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None)
- Type:
builtins.str
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
def on_image_scan_completed(id: builtins.str,
description: builtins.str = None,
event_pattern: aws_cdk.aws_events.EventPattern = None,
rule_name: builtins.str = None,
target: aws_cdk.aws_events.IRuleTarget = None,
image_tags: typing.List[builtins.str] = None)
- Type:
builtins.str
The id of the rule.
- Type:
builtins.str
- Default: No description
A description of the rule's purpose.
- Type:
aws_cdk.aws_events.EventPattern
- Default: No additional filtering based on an event pattern.
Additional restrictions for the event to route to the specified target.
The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
- Type:
builtins.str
- Default: AWS CloudFormation generates a unique physical ID.
A name for the rule.
- Type:
aws_cdk.aws_events.IRuleTarget
- Default: No target is added to the rule. Use addTarget() to add a target.
The target to register for the event.
- Type: typing.List[builtins.str]
- Default: Watch the changes to the repository with all image tags
Only watch changes to the image tags specified.
Leave it undefined to watch the full repository.
def repository_uri_for_digest(digest: builtins.str = None)
- Type:
builtins.str
Image digest to use (tools usually default to the image with the "latest" tag if omitted).
def repository_uri_for_tag(tag: builtins.str = None)
- Type:
builtins.str
Image tag to use (tools usually default to "latest" if omitted).
The construct tree node for this construct.
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- Type:
aws_cdk.core.Stack
The stack in which this resource is defined.
- Type:
builtins.str
The ARN of the repository.
- Type:
builtins.str
The name of the repository.
- Type:
builtins.str
The URI of this repository (represents the latest image):
ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY
The tag mutability setting for your repository.
allow image tags to be overwritten.
all image tags within the repository will be immutable which will prevent them from being overwritten.
Select images based on tags.
Rule applies to all images.
Rule applies to tagged images.
Rule applies to untagged images.