2024/07/25 - Amazon EC2 Container Registry - 4 new api methods
Changes API and documentation updates for Amazon ECR, adding support for creating, updating, describing and deleting ECR Repository Creation Template.
Updates an existing repository creation template.
See also: AWS API Documentation
Request Syntax
client.update_repository_creation_template(
prefix='string',
description='string',
encryptionConfiguration={
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
resourceTags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
repositoryPolicy='string',
lifecyclePolicy='string',
appliedFor=[
'REPLICATION'|'PULL_THROUGH_CACHE',
],
customRoleArn='string'
)
string
[REQUIRED]
The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/ . This includes a repository named prod/team1 as well as a repository named prod/repository1 .
To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.
string
A description for the repository creation template.
dict
The encryption configuration to associate with the repository creation template.
encryptionType (string) -- [REQUIRED]
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
list
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) -- [REQUIRED]
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) -- [REQUIRED]
A value acts as a descriptor within a tag category (key).
string
Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
string
Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
string
Updates the lifecycle policy associated with the specified repository creation template.
list
Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
string
The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.
dict
Response Syntax
{
'registryId': 'string',
'repositoryCreationTemplate': {
'prefix': 'string',
'description': 'string',
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
'resourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'repositoryPolicy': 'string',
'lifecyclePolicy': 'string',
'appliedFor': [
'REPLICATION'|'PULL_THROUGH_CACHE',
],
'customRoleArn': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryCreationTemplate (dict) --
The details of the repository creation template associated with the request.
prefix (string) --
The repository namespace prefix associated with the repository creation template.
description (string) --
The description associated with the repository creation template.
encryptionConfiguration (dict) --
The encryption configuration associated with the repository creation template.
encryptionType (string) --
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
resourceTags (list) --
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
A value acts as a descriptor within a tag category (key).
imageTagMutability (string) --
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
repositoryPolicy (string) --
he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
lifecyclePolicy (string) --
The lifecycle policy to use for repositories created using the template.
appliedFor (list) --
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
customRoleArn (string) --
The ARN of the role to be assumed by Amazon ECR.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was created.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was last updated.
Deletes a repository creation template.
See also: AWS API Documentation
Request Syntax
client.delete_repository_creation_template(
prefix='string'
)
string
[REQUIRED]
The repository namespace prefix associated with the repository creation template.
dict
Response Syntax
{
'registryId': 'string',
'repositoryCreationTemplate': {
'prefix': 'string',
'description': 'string',
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
'resourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'repositoryPolicy': 'string',
'lifecyclePolicy': 'string',
'appliedFor': [
'REPLICATION'|'PULL_THROUGH_CACHE',
],
'customRoleArn': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryCreationTemplate (dict) --
The details of the repository creation template that was deleted.
prefix (string) --
The repository namespace prefix associated with the repository creation template.
description (string) --
The description associated with the repository creation template.
encryptionConfiguration (dict) --
The encryption configuration associated with the repository creation template.
encryptionType (string) --
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
resourceTags (list) --
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
A value acts as a descriptor within a tag category (key).
imageTagMutability (string) --
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
repositoryPolicy (string) --
he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
lifecyclePolicy (string) --
The lifecycle policy to use for repositories created using the template.
appliedFor (list) --
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
customRoleArn (string) --
The ARN of the role to be assumed by Amazon ECR.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was created.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was last updated.
Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.
See also: AWS API Documentation
Request Syntax
client.describe_repository_creation_templates(
prefixes=[
'string',
],
nextToken='string',
maxResults=123
)
list
The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.
(string) --
string
The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
Note
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
integer
The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositoryCreationTemplatesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositoryCreationTemplatesRequest returns up to 100 results and a nextToken value, if applicable.
dict
Response Syntax
{
'registryId': 'string',
'repositoryCreationTemplates': [
{
'prefix': 'string',
'description': 'string',
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
'resourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'repositoryPolicy': 'string',
'lifecyclePolicy': 'string',
'appliedFor': [
'REPLICATION'|'PULL_THROUGH_CACHE',
],
'customRoleArn': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryCreationTemplates (list) --
The details of the repository creation templates.
(dict) --
The details of the repository creation template associated with the request.
prefix (string) --
The repository namespace prefix associated with the repository creation template.
description (string) --
The description associated with the repository creation template.
encryptionConfiguration (dict) --
The encryption configuration associated with the repository creation template.
encryptionType (string) --
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
resourceTags (list) --
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
A value acts as a descriptor within a tag category (key).
imageTagMutability (string) --
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
repositoryPolicy (string) --
he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
lifecyclePolicy (string) --
The lifecycle policy to use for repositories created using the template.
appliedFor (list) --
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
customRoleArn (string) --
The ARN of the role to be assumed by Amazon ECR.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was created.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was last updated.
nextToken (string) --
The nextToken value to include in a future DescribeRepositoryCreationTemplates request. When the results of a DescribeRepositoryCreationTemplates request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
client.create_repository_creation_template(
prefix='string',
description='string',
encryptionConfiguration={
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
resourceTags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
repositoryPolicy='string',
lifecyclePolicy='string',
appliedFor=[
'REPLICATION'|'PULL_THROUGH_CACHE',
],
customRoleArn='string'
)
string
[REQUIRED]
The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/ . Similarly, a prefix of prod/team would apply to all repositories beginning with prod/team/ .
To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.
Warning
There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/ . When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.
string
A description for the repository creation template.
dict
The encryption configuration to use for repositories created using the template.
encryptionType (string) -- [REQUIRED]
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
list
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) -- [REQUIRED]
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) -- [REQUIRED]
A value acts as a descriptor within a tag category (key).
string
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
string
The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
string
The lifecycle policy to use for repositories created using the template.
list
[REQUIRED]
A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
string
The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring.
dict
Response Syntax
{
'registryId': 'string',
'repositoryCreationTemplate': {
'prefix': 'string',
'description': 'string',
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
},
'resourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'repositoryPolicy': 'string',
'lifecyclePolicy': 'string',
'appliedFor': [
'REPLICATION'|'PULL_THROUGH_CACHE',
],
'customRoleArn': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryCreationTemplate (dict) --
The details of the repository creation template associated with the request.
prefix (string) --
The repository namespace prefix associated with the repository creation template.
description (string) --
The description associated with the repository creation template.
encryptionConfiguration (dict) --
The encryption configuration associated with the repository creation template.
encryptionType (string) --
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
resourceTags (list) --
The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
A value acts as a descriptor within a tag category (key).
imageTagMutability (string) --
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
repositoryPolicy (string) --
he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
lifecyclePolicy (string) --
The lifecycle policy to use for repositories created using the template.
appliedFor (list) --
A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION
(string) --
customRoleArn (string) --
The ARN of the role to be assumed by Amazon ECR.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was created.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the repository creation template was last updated.