awscc.ecr_repository

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - ecr:DeleteRepository, kms:RetireGrant

update

Parent base class for filters and actions.

definitions:
  EncryptionConfiguration:
    additionalProperties: false
    description: 'The encryption configuration for the repository. This determines
      how the contents of your repository are encrypted at rest.

      By default, when no encryption configuration is set or the AES256 encryption
      type is used, Amazon ECR uses server-side encryption with Amazon S3-managed
      encryption keys which encrypts your data at rest using an AES-256 encryption
      algorithm. This does not require any action on your part.

      For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html'
    properties:
      EncryptionType:
        description: The encryption type to use.
        enum:
        - AES256
        - KMS
        type: string
      KmsKey:
        description: If you use the KMS encryption type, specify the CMK to use for
          encryption. The alias, key ID, or full ARN of the CMK can be specified.
          The key must exist in the same Region as the repository. If no key is specified,
          the default AWS managed CMK for Amazon ECR will be used.
        maxLength: 2048
        minLength: 1
        type: string
    required:
    - EncryptionType
    type: object
  EncryptionType:
    description: The encryption type to use.
    enum:
    - AES256
    - KMS
    type: string
  ImageScanningConfiguration:
    additionalProperties: false
    description: The image scanning configuration for the repository. This setting
      determines whether images are scanned for known vulnerabilities after being
      pushed to the repository.
    properties:
      ScanOnPush:
        description: The setting that determines whether images are scanned after
          being pushed to a repository.
        type: boolean
    type: object
  KmsKey:
    description: If you use the KMS encryption type, specify the CMK to use for encryption.
      The alias, key ID, or full ARN of the CMK can be specified. The key must exist
      in the same Region as the repository. If no key is specified, the default AWS
      managed CMK for Amazon ECR will be used.
    maxLength: 2048
    minLength: 1
    type: string
  LifecyclePolicy:
    additionalProperties: false
    description: The LifecyclePolicy property type specifies a lifecycle policy. For
      information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
    properties:
      LifecyclePolicyText:
        description: The JSON repository policy text to apply to the repository.
        maxLength: 30720
        minLength: 100
        type: string
      RegistryId:
        description: 'The AWS account ID associated with the registry that contains
          the repository. If you do not specify a registry, the default registry is
          assumed. '
        maxLength: 12
        minLength: 12
        pattern: ^[0-9]{12}$
        type: string
    type: object
  LifecyclePolicyText:
    description: The JSON repository policy text to apply to the repository.
    maxLength: 30720
    minLength: 100
    type: string
  RegistryId:
    description: 'The AWS account ID associated with the registry that contains the
      repository. If you do not specify a registry, the default registry is assumed. '
    maxLength: 12
    minLength: 12
    pattern: ^[0-9]{12}$
    type: string
  ScanOnPush:
    description: The setting that determines whether images are scanned after being
      pushed to a repository.
    type: boolean
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          127 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -. '
        maxLength: 127
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 1 to
          255 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -. '
        maxLength: 255
        minLength: 1
        type: string
    required:
    - Value
    - Key
    type: object
properties:
  ImageScanningConfiguration:
    additionalProperties: false
    description: The image scanning configuration for the repository. This setting
      determines whether images are scanned for known vulnerabilities after being
      pushed to the repository.
    properties:
      ScanOnPush:
        description: The setting that determines whether images are scanned after
          being pushed to a repository.
        type: boolean
    type: object
  ImageTagMutability:
    description: The image tag mutability setting for the repository.
    enum:
    - MUTABLE
    - IMMUTABLE
    type: string
  LifecyclePolicy:
    additionalProperties: false
    description: The LifecyclePolicy property type specifies a lifecycle policy. For
      information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
    properties:
      LifecyclePolicyText:
        description: The JSON repository policy text to apply to the repository.
        maxLength: 30720
        minLength: 100
        type: string
      RegistryId:
        description: 'The AWS account ID associated with the registry that contains
          the repository. If you do not specify a registry, the default registry is
          assumed. '
        maxLength: 12
        minLength: 12
        pattern: ^[0-9]{12}$
        type: string
    type: object
  RepositoryPolicyText:
    description: 'The JSON repository policy text to apply to the repository. For
      more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html
      in the Amazon Elastic Container Registry User Guide. '
    type:
    - object
    - string
  Tags:
    description: An array of key-value pairs to apply to this resource.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 127 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -. '
          maxLength: 127
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 1 to
            255 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -. '
          maxLength: 255
          minLength: 1
          type: string
      required:
      - Value
      - Key
      type: object
    maxItems: 50
    type: array
    uniqueItems: true
  type:
    enum:
    - update

Permissions - ecr:PutLifecyclePolicy, ecr:SetRepositoryPolicy, ecr:TagResource, ecr:UntagResource, ecr:DeleteLifecyclePolicy, ecr:DeleteRepositoryPolicy, ecr:PutImageScanningConfiguration, ecr:PutImageTagMutability, kms:DescribeKey, kms:CreateGrant, kms:RetireGrant