awscc.ecr_repository¶
Filters¶
event
reduce
value
Actions¶
delete¶
Parent base class for filters and actions.
properties:
type:
enum:
- delete
required:
- type
Permissions - ecr:DeleteRepository, kms:RetireGrant
update¶
Parent base class for filters and actions.
definitions:
EncryptionConfiguration:
additionalProperties: false
description: 'The encryption configuration for the repository. This determines
how the contents of your repository are encrypted at rest.
By default, when no encryption configuration is set or the AES256 encryption
type is used, Amazon ECR uses server-side encryption with Amazon S3-managed
encryption keys which encrypts your data at rest using an AES-256 encryption
algorithm. This does not require any action on your part.
For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html'
properties:
EncryptionType:
description: The encryption type to use.
enum:
- AES256
- KMS
type: string
KmsKey:
description: If you use the KMS encryption type, specify the CMK to use for
encryption. The alias, key ID, or full ARN of the CMK can be specified.
The key must exist in the same Region as the repository. If no key is specified,
the default AWS managed CMK for Amazon ECR will be used.
maxLength: 2048
minLength: 1
type: string
required:
- EncryptionType
type: object
EncryptionType:
description: The encryption type to use.
enum:
- AES256
- KMS
type: string
ImageScanningConfiguration:
additionalProperties: false
description: The image scanning configuration for the repository. This setting
determines whether images are scanned for known vulnerabilities after being
pushed to the repository.
properties:
ScanOnPush:
description: The setting that determines whether images are scanned after
being pushed to a repository.
type: boolean
type: object
KmsKey:
description: If you use the KMS encryption type, specify the CMK to use for encryption.
The alias, key ID, or full ARN of the CMK can be specified. The key must exist
in the same Region as the repository. If no key is specified, the default AWS
managed CMK for Amazon ECR will be used.
maxLength: 2048
minLength: 1
type: string
LifecyclePolicy:
additionalProperties: false
description: The LifecyclePolicy property type specifies a lifecycle policy. For
information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
properties:
LifecyclePolicyText:
description: The JSON repository policy text to apply to the repository.
maxLength: 30720
minLength: 100
type: string
RegistryId:
description: 'The AWS account ID associated with the registry that contains
the repository. If you do not specify a registry, the default registry is
assumed. '
maxLength: 12
minLength: 12
pattern: ^[0-9]{12}$
type: string
type: object
LifecyclePolicyText:
description: The JSON repository policy text to apply to the repository.
maxLength: 30720
minLength: 100
type: string
RegistryId:
description: 'The AWS account ID associated with the registry that contains the
repository. If you do not specify a registry, the default registry is assumed. '
maxLength: 12
minLength: 12
pattern: ^[0-9]{12}$
type: string
ScanOnPush:
description: The setting that determines whether images are scanned after being
pushed to a repository.
type: boolean
Tag:
additionalProperties: false
description: A key-value pair to associate with a resource.
properties:
Key:
description: 'The key name of the tag. You can specify a value that is 1 to
127 Unicode characters in length and cannot be prefixed with aws:. You can
use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -. '
maxLength: 127
minLength: 1
type: string
Value:
description: 'The value for the tag. You can specify a value that is 1 to
255 Unicode characters in length and cannot be prefixed with aws:. You can
use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -. '
maxLength: 255
minLength: 1
type: string
required:
- Value
- Key
type: object
properties:
ImageScanningConfiguration:
additionalProperties: false
description: The image scanning configuration for the repository. This setting
determines whether images are scanned for known vulnerabilities after being
pushed to the repository.
properties:
ScanOnPush:
description: The setting that determines whether images are scanned after
being pushed to a repository.
type: boolean
type: object
ImageTagMutability:
description: The image tag mutability setting for the repository.
enum:
- MUTABLE
- IMMUTABLE
type: string
LifecyclePolicy:
additionalProperties: false
description: The LifecyclePolicy property type specifies a lifecycle policy. For
information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
properties:
LifecyclePolicyText:
description: The JSON repository policy text to apply to the repository.
maxLength: 30720
minLength: 100
type: string
RegistryId:
description: 'The AWS account ID associated with the registry that contains
the repository. If you do not specify a registry, the default registry is
assumed. '
maxLength: 12
minLength: 12
pattern: ^[0-9]{12}$
type: string
type: object
RepositoryPolicyText:
description: 'The JSON repository policy text to apply to the repository. For
more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html
in the Amazon Elastic Container Registry User Guide. '
type:
- object
- string
Tags:
description: An array of key-value pairs to apply to this resource.
insertionOrder: false
items:
additionalProperties: false
description: A key-value pair to associate with a resource.
properties:
Key:
description: 'The key name of the tag. You can specify a value that is 1
to 127 Unicode characters in length and cannot be prefixed with aws:.
You can use any of the following characters: the set of Unicode letters,
digits, whitespace, _, ., /, =, +, and -. '
maxLength: 127
minLength: 1
type: string
Value:
description: 'The value for the tag. You can specify a value that is 1 to
255 Unicode characters in length and cannot be prefixed with aws:. You
can use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -. '
maxLength: 255
minLength: 1
type: string
required:
- Value
- Key
type: object
maxItems: 50
type: array
uniqueItems: true
type:
enum:
- update
Permissions - ecr:PutLifecyclePolicy, ecr:SetRepositoryPolicy, ecr:TagResource, ecr:UntagResource, ecr:DeleteLifecyclePolicy, ecr:DeleteRepositoryPolicy, ecr:PutImageScanningConfiguration, ecr:PutImageTagMutability, kms:DescribeKey, kms:CreateGrant, kms:RetireGrant