Skip to content

Instantly share code, notes, and snippets.

@iliapolo
Last active May 30, 2021 16:57
Show Gist options
  • Save iliapolo/8eac278b9288db7cc8b45a78ef303627 to your computer and use it in GitHub Desktop.
Save iliapolo/8eac278b9288db7cc8b45a78ef303627 to your computer and use it in GitHub Desktop.
Construct-Hub: Package page documentation example for `@aws-cdk/aws-ecr`

Amazon ECR Construct Library


cfn-resources: Stable

cdk-constructs: Stable


This package contains constructs for working with Amazon Elastic Container Registry.

Repositories

Define a repository by creating a new instance of Repository. A repository holds multiple verions of a single container image.

const repository = new ecr.Repository(this, 'Repository');

Image scanning

Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable imageScanOnPush in the properties

const repository = new ecr.Repository(stack, 'Repo', {
  imageScanOnPush: true
});

To create an onImageScanCompleted event rule and trigger the event target

repository.onImageScanCompleted('ImageScanComplete')
  .addTarget(...)

Authorization Token

Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at Registry Authentication.

A Docker authorization token can be obtained using the GetAuthorizationToken ECR API. The following code snippets grants an IAM user access to call this API.

import * as iam from '@aws-cdk/aws-iam';
import * as ecr from '@aws-cdk/aws-ecr';

const user = new iam.User(this, 'User', { ... });
ecr.AuthorizationToken.grantRead(user);

If you access images in the Public ECR Gallery as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits.

See Pricing in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and Service quotas.

The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery.

import * as iam from '@aws-cdk/aws-iam';
import * as ecr from '@aws-cdk/aws-ecr';

const user = new iam.User(this, 'User', { ... });
ecr.PublicGalleryAuthorizationToken.grantRead(user);

This user can then proceed to login to the registry using one of the authentication methods.

Image tag immutability

You can set tag immutability on images in our repository using the imageTagMutability construct prop.

new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });

Automatically clean up repositories

You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here):

repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) });

API Reference

Constructs

CfnPublicRepository

A CloudFormation AWS::ECR::PublicRepository.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnPublicRepository(scope: aws_cdk.core.Construct,
                                    id: builtins.str,
                                    repository_catalog_data: typing.Any = None,
                                    repository_name: builtins.str = None,
                                    repository_policy_text: typing.Any = None,
                                    tags: typing.List[aws_cdk.core.CfnTag] = None)
scopeRequired

scope in which this resource is defined.


idRequired
  • Type: builtins.str

scoped id of the resource.


repository_catalog_dataOptional
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryCatalogData.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata


repository_nameOptional
  • Type: builtins.str

AWS::ECR::PublicRepository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname


repository_policy_textOptional
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext


tagsOptional

AWS::ECR::PublicRepository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags


Methods

inspect
def inspect(inspector: aws_cdk.core.TreeInspector)
inspectorRequired

tree inspector to collect and process attributes.


Attributes

attr_arnRequired
  • Type: builtins.str

tagsRequired

AWS::ECR::PublicRepository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags


repository_catalog_dataRequired
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryCatalogData.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata


repository_policy_textRequired
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext


repository_nameOptional
  • Type: builtins.str

AWS::ECR::PublicRepository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname


Constants

CFN_RESOURCE_TYPE_NAME
  • Type: builtins.str

The CloudFormation resource type name for this resource class.


CfnRegistryPolicy

A CloudFormation AWS::ECR::RegistryPolicy.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnRegistryPolicy(scope: aws_cdk.core.Construct,
                                  id: builtins.str,
                                  policy_text: typing.Any)
scopeRequired

scope in which this resource is defined.


idRequired
  • Type: builtins.str

scoped id of the resource.


policy_textRequired
  • Type: typing.Any

AWS::ECR::RegistryPolicy.PolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext


Methods

inspect
def inspect(inspector: aws_cdk.core.TreeInspector)
inspectorRequired

tree inspector to collect and process attributes.


Attributes

attr_registry_idRequired
  • Type: builtins.str

policy_textRequired
  • Type: typing.Any

AWS::ECR::RegistryPolicy.PolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext


Constants

CFN_RESOURCE_TYPE_NAME
  • Type: builtins.str

The CloudFormation resource type name for this resource class.


CfnReplicationConfiguration

A CloudFormation AWS::ECR::ReplicationConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnReplicationConfiguration(scope: aws_cdk.core.Construct,
                                            id: builtins.str,
                                            replication_configuration: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty])
scopeRequired

scope in which this resource is defined.


idRequired
  • Type: builtins.str

scoped id of the resource.


replication_configurationRequired

AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration


Methods

inspect
def inspect(inspector: aws_cdk.core.TreeInspector)
inspectorRequired

tree inspector to collect and process attributes.


Attributes

attr_registry_idRequired
  • Type: builtins.str

replication_configurationRequired

AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration


Constants

CFN_RESOURCE_TYPE_NAME
  • Type: builtins.str

The CloudFormation resource type name for this resource class.


CfnRepository

A CloudFormation AWS::ECR::Repository.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnRepository(scope: aws_cdk.core.Construct,
                              id: builtins.str,
                              encryption_configuration: typing.Any = None,
                              image_scanning_configuration: typing.Any = None,
                              image_tag_mutability: builtins.str = None,
                              lifecycle_policy: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty] = None,
                              repository_name: builtins.str = None,
                              repository_policy_text: typing.Any = None,
                              tags: typing.List[aws_cdk.core.CfnTag] = None)
scopeRequired

scope in which this resource is defined.


idRequired
  • Type: builtins.str

scoped id of the resource.


encryption_configurationOptional
  • Type: typing.Any

AWS::ECR::Repository.EncryptionConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration


image_scanning_configurationOptional
  • Type: typing.Any

AWS::ECR::Repository.ImageScanningConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration


image_tag_mutabilityOptional
  • Type: builtins.str

AWS::ECR::Repository.ImageTagMutability.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability


lifecycle_policyOptional

AWS::ECR::Repository.LifecyclePolicy.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy


repository_nameOptional
  • Type: builtins.str

AWS::ECR::Repository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname


repository_policy_textOptional
  • Type: typing.Any

AWS::ECR::Repository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext


tagsOptional

AWS::ECR::Repository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags


Methods

inspect
def inspect(inspector: aws_cdk.core.TreeInspector)
inspectorRequired

tree inspector to collect and process attributes.


Attributes

attr_arnRequired
  • Type: builtins.str

attr_repository_uriRequired
  • Type: builtins.str

tagsRequired

AWS::ECR::Repository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags


encryption_configurationRequired
  • Type: typing.Any

AWS::ECR::Repository.EncryptionConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration


image_scanning_configurationRequired
  • Type: typing.Any

AWS::ECR::Repository.ImageScanningConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration


repository_policy_textRequired
  • Type: typing.Any

AWS::ECR::Repository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext


image_tag_mutabilityOptional
  • Type: builtins.str

AWS::ECR::Repository.ImageTagMutability.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability


lifecycle_policyOptional

AWS::ECR::Repository.LifecyclePolicy.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy


repository_nameOptional
  • Type: builtins.str

AWS::ECR::Repository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname


Constants

CFN_RESOURCE_TYPE_NAME
  • Type: builtins.str

The CloudFormation resource type name for this resource class.


Repository

Define an ECR repository.

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.Repository(scope: constructs.Construct,
                           id: builtins.str,
                           image_scan_on_push: builtins.bool = None,
                           image_tag_mutability: aws_cdk.aws_ecr.TagMutability = None,
                           lifecycle_registry_id: builtins.str = None,
                           lifecycle_rules: typing.List[aws_cdk.aws_ecr.LifecycleRule] = None,
                           removal_policy: aws_cdk.core.RemovalPolicy = None,
                           repository_name: builtins.str = None)
scopeRequired

idRequired
  • Type: builtins.str

image_scan_on_pushOptional
  • Type: builtins.bool
  • Default: false

Enable the scan on push when creating the repository.


image_tag_mutabilityOptional

The tag mutability setting for the repository.

If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.


lifecycle_registry_idOptional
  • Type: builtins.str
  • Default: The default registry is assumed.

The AWS account ID associated with the registry that contains the repository.

https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html


lifecycle_rulesOptional

Life cycle rules to apply to this registry.


removal_policyOptional

Determine what happens to the repository when the resource/stack is deleted.


repository_nameOptional
  • Type: builtins.str
  • Default: Automatically generated name.

Name for this repository.


Methods

add_lifecycle_rule
def add_lifecycle_rule(description: builtins.str = None,
                       max_image_age: aws_cdk.core.Duration = None,
                       max_image_count: typing.Union[int, float] = None,
                       rule_priority: typing.Union[int, float] = None,
                       tag_prefix_list: typing.List[builtins.str] = None,
                       tag_status: aws_cdk.aws_ecr.TagStatus = None)
descriptionOptional
  • Type: builtins.str
  • Default: No description

Describes the purpose of the rule.


max_image_ageOptional

The maximum age of images to retain. The value must represent a number of days.

Specify exactly one of maxImageCount and maxImageAge.


max_image_countOptional
  • Type: typing.Union[int, float]

The maximum number of images to retain.

Specify exactly one of maxImageCount and maxImageAge.


rule_priorityOptional
  • Type: typing.Union[int, float]
  • Default: Automatically assigned

Controls the order in which rules are evaluated (low to high).

All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image.

There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority.

All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.


tag_prefix_listOptional
  • Type: typing.List[builtins.str]

Select images that have ALL the given prefixes in their tag.

Only if tagStatus == TagStatus.Tagged


tag_statusOptional

Select images based on tags.

Only one rule is allowed to select untagged images, and it must have the highest rulePriority.


add_to_resource_policy
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
statementRequired

Static Functions

arn_for_local_repository
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.Repository.arn_for_local_repository(repository_name: builtins.str,
                                                    scope: constructs.IConstruct,
                                                    account: builtins.str = None)
repository_nameRequired
  • Type: builtins.str

scopeRequired

accountOptional
  • Type: builtins.str

from_repository_arn
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.Repository.from_repository_arn(scope: constructs.Construct,
                                               id: builtins.str,
                                               repository_arn: builtins.str)
scopeRequired

idRequired
  • Type: builtins.str

repository_arnRequired
  • Type: builtins.str

from_repository_attributes
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.Repository.from_repository_attributes(scope: constructs.Construct,
                                                      id: builtins.str,
                                                      repository_arn: builtins.str,
                                                      repository_name: builtins.str)
scopeRequired

idRequired
  • Type: builtins.str

repository_arnRequired
  • Type: builtins.str

repository_nameRequired
  • Type: builtins.str

from_repository_name
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.Repository.from_repository_name(scope: constructs.Construct,
                                                id: builtins.str,
                                                repository_name: builtins.str)
scopeRequired

idRequired
  • Type: builtins.str

repository_nameRequired
  • Type: builtins.str

Attributes

repository_arnRequired
  • Type: builtins.str

The ARN of the repository.


repository_nameRequired
  • Type: builtins.str

The name of the repository.


RepositoryBase

Base class for ECR repository.

Reused between imported repositories and owned repositories.

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.RepositoryBase(scope: constructs.Construct,
                               id: builtins.str,
                               account: builtins.str = None,
                               environment_from_arn: builtins.str = None,
                               physical_name: builtins.str = None,
                               region: builtins.str = None)
scopeRequired

idRequired
  • Type: builtins.str

accountOptional
  • Type: builtins.str
  • Default: the resource is in the same account as the stack it belongs to

The AWS account ID this resource belongs to.


environment_from_arnOptional
  • Type: builtins.str
  • Default: take environment from account, region parameters, or use Stack environment.

ARN to deduce region and account from.

The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources.

Cannot be supplied together with either account or region.


physical_nameOptional
  • Type: builtins.str
  • Default: The physical name will be allocated by CloudFormation at deployment time

The value passed in by users to the physical name prop of the resource.

undefined implies that a physical name will be allocated by CloudFormation during deployment.

  • a concrete value implies a specific physical name
  • PhysicalName.GENERATE_IF_NEEDED is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.

regionOptional
  • Type: builtins.str
  • Default: the resource is in the same region as the stack it belongs to

The AWS region this resource belongs to.


Methods

add_to_resource_policy
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
statementRequired

grant
def grant(grantee: aws_cdk.aws_iam.IGrantable,
          actions: builtins.str)
granteeRequired

actionsRequired
  • Type: builtins.str

grant_pull
def grant_pull(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

grant_pull_push
def grant_pull_push(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

on_cloud_trail_event
def on_cloud_trail_event(id: builtins.str,
                         description: builtins.str = None,
                         event_pattern: aws_cdk.aws_events.EventPattern = None,
                         rule_name: builtins.str = None,
                         target: aws_cdk.aws_events.IRuleTarget = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


on_cloud_trail_image_pushed
def on_cloud_trail_image_pushed(id: builtins.str,
                                description: builtins.str = None,
                                event_pattern: aws_cdk.aws_events.EventPattern = None,
                                rule_name: builtins.str = None,
                                target: aws_cdk.aws_events.IRuleTarget = None,
                                image_tag: builtins.str = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagOptional
  • Type: builtins.str
  • Default: Watch changes to all tags

Only watch changes to this image tag.


on_event
def on_event(id: builtins.str,
             description: builtins.str = None,
             event_pattern: aws_cdk.aws_events.EventPattern = None,
             rule_name: builtins.str = None,
             target: aws_cdk.aws_events.IRuleTarget = None)
idRequired
  • Type: builtins.str

descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


on_image_scan_completed
def on_image_scan_completed(id: builtins.str,
                            description: builtins.str = None,
                            event_pattern: aws_cdk.aws_events.EventPattern = None,
                            rule_name: builtins.str = None,
                            target: aws_cdk.aws_events.IRuleTarget = None,
                            image_tags: typing.List[builtins.str] = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagsOptional
  • Type: typing.List[builtins.str]
  • Default: Watch the changes to the repository with all image tags

Only watch changes to the image tags spedified.

Leave it undefined to watch the full repository.


repository_uri_for_digest
def repository_uri_for_digest(digest: builtins.str = None)
digestOptional
  • Type: builtins.str

Optional image digest.


repository_uri_for_tag
def repository_uri_for_tag(tag: builtins.str = None)
tagOptional
  • Type: builtins.str

Optional image tag.


Attributes

repository_arnRequired
  • Type: builtins.str

The ARN of the repository.


repository_nameRequired
  • Type: builtins.str

The name of the repository.


repository_uriRequired
  • Type: builtins.str

The URI of this repository (represents the latest image):.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY


Structs

CfnPublicRepositoryProps

Properties for defining a AWS::ECR::PublicRepository.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnPublicRepositoryProps(repository_catalog_data: typing.Any = None,
                                         repository_name: builtins.str = None,
                                         repository_policy_text: typing.Any = None,
                                         tags: typing.List[aws_cdk.core.CfnTag] = None)
repository_catalog_dataOptional
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryCatalogData.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata


repository_nameOptional
  • Type: builtins.str

AWS::ECR::PublicRepository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname


repository_policy_textOptional
  • Type: typing.Any

AWS::ECR::PublicRepository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext


tagsOptional

AWS::ECR::PublicRepository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags


CfnRegistryPolicyProps

Properties for defining a AWS::ECR::RegistryPolicy.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnRegistryPolicyProps(policy_text: typing.Any)
policy_textRequired
  • Type: typing.Any

AWS::ECR::RegistryPolicy.PolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext


CfnReplicationConfigurationProps

Properties for defining a AWS::ECR::ReplicationConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnReplicationConfigurationProps(replication_configuration: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty])
replication_configurationRequired

AWS::ECR::ReplicationConfiguration.ReplicationConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration


CfnRepositoryProps

Properties for defining a AWS::ECR::Repository.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnRepositoryProps(encryption_configuration: typing.Any = None,
                                   image_scanning_configuration: typing.Any = None,
                                   image_tag_mutability: builtins.str = None,
                                   lifecycle_policy: typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty] = None,
                                   repository_name: builtins.str = None,
                                   repository_policy_text: typing.Any = None,
                                   tags: typing.List[aws_cdk.core.CfnTag] = None)
encryption_configurationOptional
  • Type: typing.Any

AWS::ECR::Repository.EncryptionConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration


image_scanning_configurationOptional
  • Type: typing.Any

AWS::ECR::Repository.ImageScanningConfiguration.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration


image_tag_mutabilityOptional
  • Type: builtins.str

AWS::ECR::Repository.ImageTagMutability.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability


lifecycle_policyOptional

AWS::ECR::Repository.LifecyclePolicy.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy


repository_nameOptional
  • Type: builtins.str

AWS::ECR::Repository.RepositoryName.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname


repository_policy_textOptional
  • Type: typing.Any

AWS::ECR::Repository.RepositoryPolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext


tagsOptional

AWS::ECR::Repository.Tags.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags


LifecyclePolicyProperty

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty(lifecycle_policy_text: builtins.str = None,
                                                      registry_id: builtins.str = None)
lifecycle_policy_textOptional
  • Type: builtins.str

CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext


registry_idOptional
  • Type: builtins.str

CfnRepository.LifecyclePolicyProperty.RegistryId.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid


LifecycleRule

An ECR life cycle rule.

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.LifecycleRule(description: builtins.str = None,
                              max_image_age: aws_cdk.core.Duration = None,
                              max_image_count: typing.Union[int, float] = None,
                              rule_priority: typing.Union[int, float] = None,
                              tag_prefix_list: typing.List[builtins.str] = None,
                              tag_status: aws_cdk.aws_ecr.TagStatus = None)
descriptionOptional
  • Type: builtins.str
  • Default: No description

Describes the purpose of the rule.


max_image_ageOptional

The maximum age of images to retain. The value must represent a number of days.

Specify exactly one of maxImageCount and maxImageAge.


max_image_countOptional
  • Type: typing.Union[int, float]

The maximum number of images to retain.

Specify exactly one of maxImageCount and maxImageAge.


rule_priorityOptional
  • Type: typing.Union[int, float]
  • Default: Automatically assigned

Controls the order in which rules are evaluated (low to high).

All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image.

There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority.

All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.


tag_prefix_listOptional
  • Type: typing.List[builtins.str]

Select images that have ALL the given prefixes in their tag.

Only if tagStatus == TagStatus.Tagged


tag_statusOptional

Select images based on tags.

Only one rule is allowed to select untagged images, and it must have the highest rulePriority.


OnCloudTrailImagePushedOptions

Options for the onCloudTrailImagePushed method.

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions(description: builtins.str = None,
                                               event_pattern: aws_cdk.aws_events.EventPattern = None,
                                               rule_name: builtins.str = None,
                                               target: aws_cdk.aws_events.IRuleTarget = None,
                                               image_tag: builtins.str = None)
descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagOptional
  • Type: builtins.str
  • Default: Watch changes to all tags

Only watch changes to this image tag.


OnImageScanCompletedOptions

Options for the OnImageScanCompleted method.

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.OnImageScanCompletedOptions(description: builtins.str = None,
                                            event_pattern: aws_cdk.aws_events.EventPattern = None,
                                            rule_name: builtins.str = None,
                                            target: aws_cdk.aws_events.IRuleTarget = None,
                                            image_tags: typing.List[builtins.str] = None)
descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagsOptional
  • Type: typing.List[builtins.str]
  • Default: Watch the changes to the repository with all image tags

Only watch changes to the image tags spedified.

Leave it undefined to watch the full repository.


ReplicationConfigurationProperty

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty(rules: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty]]])
rulesRequired

CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules


ReplicationDestinationProperty

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty(region: builtins.str,
                                                                           registry_id: builtins.str)
regionRequired
  • Type: builtins.str

CfnReplicationConfiguration.ReplicationDestinationProperty.Region.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region


registry_idRequired
  • Type: builtins.str

CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid


ReplicationRuleProperty

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty(destinations: typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty]]])
destinationsRequired

CfnReplicationConfiguration.ReplicationRuleProperty.Destinations.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations


RepositoryAttributes

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.RepositoryAttributes(repository_arn: builtins.str,
                                     repository_name: builtins.str)
repository_arnRequired
  • Type: builtins.str

repository_nameRequired
  • Type: builtins.str

RepositoryProps

Initializer

import aws_cdk.aws_ecr

aws_cdk.aws_ecr.RepositoryProps(image_scan_on_push: builtins.bool = None,
                                image_tag_mutability: aws_cdk.aws_ecr.TagMutability = None,
                                lifecycle_registry_id: builtins.str = None,
                                lifecycle_rules: typing.List[aws_cdk.aws_ecr.LifecycleRule] = None,
                                removal_policy: aws_cdk.core.RemovalPolicy = None,
                                repository_name: builtins.str = None)
image_scan_on_pushOptional
  • Type: builtins.bool
  • Default: false

Enable the scan on push when creating the repository.


image_tag_mutabilityOptional

The tag mutability setting for the repository.

If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.


lifecycle_registry_idOptional
  • Type: builtins.str
  • Default: The default registry is assumed.

The AWS account ID associated with the registry that contains the repository.

https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html


lifecycle_rulesOptional

Life cycle rules to apply to this registry.


removal_policyOptional

Determine what happens to the repository when the resource/stack is deleted.


repository_nameOptional
  • Type: builtins.str
  • Default: Automatically generated name.

Name for this repository.


Classes

AuthorizationToken

Authorization token to access private ECR repositories in the current environment via Docker CLI.

https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html

Static Functions

grant_read
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.AuthorizationToken.grant_read(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

PublicGalleryAuthorizationToken

Authorization token to access the global public ECR Gallery via Docker CLI.

https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth

Static Functions

grant_read
import aws_cdk.aws_ecr

aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

Protocols

IRepository

Represents an ECR repository.

Methods

add_to_resource_policy
def add_to_resource_policy(statement: aws_cdk.aws_iam.PolicyStatement)
statementRequired

grant
def grant(grantee: aws_cdk.aws_iam.IGrantable,
          actions: builtins.str)
granteeRequired

actionsRequired
  • Type: builtins.str

grant_pull
def grant_pull(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

grant_pull_push
def grant_pull_push(grantee: aws_cdk.aws_iam.IGrantable)
granteeRequired

on_cloud_trail_event
def on_cloud_trail_event(id: builtins.str,
                         description: builtins.str = None,
                         event_pattern: aws_cdk.aws_events.EventPattern = None,
                         rule_name: builtins.str = None,
                         target: aws_cdk.aws_events.IRuleTarget = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


on_cloud_trail_image_pushed
def on_cloud_trail_image_pushed(id: builtins.str,
                                description: builtins.str = None,
                                event_pattern: aws_cdk.aws_events.EventPattern = None,
                                rule_name: builtins.str = None,
                                target: aws_cdk.aws_events.IRuleTarget = None,
                                image_tag: builtins.str = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagOptional
  • Type: builtins.str
  • Default: Watch changes to all tags

Only watch changes to this image tag.


on_event
def on_event(id: builtins.str,
             description: builtins.str = None,
             event_pattern: aws_cdk.aws_events.EventPattern = None,
             rule_name: builtins.str = None,
             target: aws_cdk.aws_events.IRuleTarget = None)
idRequired
  • Type: builtins.str

descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


on_image_scan_completed
def on_image_scan_completed(id: builtins.str,
                            description: builtins.str = None,
                            event_pattern: aws_cdk.aws_events.EventPattern = None,
                            rule_name: builtins.str = None,
                            target: aws_cdk.aws_events.IRuleTarget = None,
                            image_tags: typing.List[builtins.str] = None)
idRequired
  • Type: builtins.str

The id of the rule.


descriptionOptional
  • Type: builtins.str
  • Default: No description

A description of the rule's purpose.


event_patternOptional

Additional restrictions for the event to route to the specified target.

The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html


rule_nameOptional
  • Type: builtins.str
  • Default: AWS CloudFormation generates a unique physical ID.

A name for the rule.


targetOptional

The target to register for the event.


image_tagsOptional
  • Type: typing.List[builtins.str]
  • Default: Watch the changes to the repository with all image tags

Only watch changes to the image tags spedified.

Leave it undefined to watch the full repository.


repository_uri_for_digest
def repository_uri_for_digest(digest: builtins.str = None)
digestOptional
  • Type: builtins.str

Image digest to use (tools usually default to the image with the "latest" tag if omitted).


repository_uri_for_tag
def repository_uri_for_tag(tag: builtins.str = None)
tagOptional
  • Type: builtins.str

Image tag to use (tools usually default to "latest" if omitted).


Attributes

nodeRequired

The construct tree node for this construct.


envRequired

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired

The stack in which this resource is defined.


repository_arnRequired
  • Type: builtins.str

The ARN of the repository.


repository_nameRequired
  • Type: builtins.str

The name of the repository.


repository_uriRequired
  • Type: builtins.str

The URI of this repository (represents the latest image):.

ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY


Enums

TagMutability

The tag mutability setting for your repository.

MUTABLE

allow image tags to be overwritten.


IMMUTABLE

all image tags within the repository will be immutable which will prevent them from being overwritten.


TagStatus

Select images based on tags.

ANY

Rule applies to all images.


TAGGED

Rule applies to tagged images.


UNTAGGED

Rule applies to untagged images.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment