Amazon Elastic Container Registry

2024/09/11 - Amazon Elastic Container Registry - 7 updated api methods

Changes  Added KMS_DSSE to EncryptionType

CreateRepository (updated) Link ¶
Changes (request, response)
Request
{'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}
Response
{'repository': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide .

See also: AWS API Documentation

Request Syntax

client.create_repository(
    registryId='string',
    repositoryName='string',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    imageTagMutability='MUTABLE'|'IMMUTABLE',
    imageScanningConfiguration={
        'scanOnPush': True|False
    },
    encryptionConfiguration={
        'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
        'kmsKey': 'string'
    }
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.

type repositoryName

string

param repositoryName

[REQUIRED]

The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app ) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app ).

The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.

type tags

list

param tags

The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • (dict) --

    The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    • Key (string) -- [REQUIRED]

      One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

    • Value (string) -- [REQUIRED]

      A value acts as a descriptor within a tag category (key).

type imageTagMutability

string

param imageTagMutability

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

type imageScanningConfiguration

dict

param imageScanningConfiguration

The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.

  • scanOnPush (boolean) --

    The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

type encryptionConfiguration

dict

param encryptionConfiguration

The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

  • encryptionType (string) -- [REQUIRED]

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

  • kmsKey (string) --

    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

rtype

dict

returns

Response Syntax

{
    'repository': {
        'repositoryArn': 'string',
        'registryId': 'string',
        'repositoryName': 'string',
        'repositoryUri': 'string',
        'createdAt': datetime(2015, 1, 1),
        'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
        'imageScanningConfiguration': {
            'scanOnPush': True|False
        },
        'encryptionConfiguration': {
            'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
            'kmsKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • repository (dict) --

      The repository that was created.

      • repositoryArn (string) --

        The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name .

      • registryId (string) --

        The Amazon Web Services account ID associated with the registry that contains the repository.

      • repositoryName (string) --

        The name of the repository.

      • repositoryUri (string) --

        The URI for the repository. You can use this URI for container image push and pull operations.

      • createdAt (datetime) --

        The date and time, in JavaScript date format, when the repository was created.

      • imageTagMutability (string) --

        The tag mutability setting for the repository.

      • imageScanningConfiguration (dict) --

        The image scanning configuration for a repository.

        • scanOnPush (boolean) --

          The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

      • encryptionConfiguration (dict) --

        The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

        • encryptionType (string) --

          The encryption type to use.

          If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

          If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

          If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

        • kmsKey (string) --

          If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

CreateRepositoryCreationTemplate (updated) Link ¶
Changes (request, response)
Request
{'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}
Response
{'repositoryCreationTemplate': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Creates a repository creation template. This template is used to define the settings for repositories created by Amazon ECR on your behalf. For example, repositories created through pull through cache actions. For more information, see Private repository creation templates in the Amazon Elastic Container Registry User Guide .

See also: AWS API Documentation

Request Syntax

client.create_repository_creation_template(
    prefix='string',
    description='string',
    encryptionConfiguration={
        'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
        'kmsKey': 'string'
    },
    resourceTags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    imageTagMutability='MUTABLE'|'IMMUTABLE',
    repositoryPolicy='string',
    lifecyclePolicy='string',
    appliedFor=[
        'REPLICATION'|'PULL_THROUGH_CACHE',
    ],
    customRoleArn='string'
)
type prefix

string

param prefix

[REQUIRED]

The repository namespace prefix to associate with the template. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/ . Similarly, a prefix of prod/team would apply to all repositories beginning with prod/team/ .

To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

Warning

There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/ . When using a pull through cache rule, the repository prefix you specify during rule creation is what you should specify as your repository creation template prefix as well.

type description

string

param description

A description for the repository creation template.

type encryptionConfiguration

dict

param encryptionConfiguration

The encryption configuration to use for repositories created using the template.

  • encryptionType (string) -- [REQUIRED]

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

  • kmsKey (string) --

    If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

type resourceTags

list

param resourceTags

The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • (dict) --

    The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    • Key (string) -- [REQUIRED]

      One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

    • Value (string) -- [REQUIRED]

      A value acts as a descriptor within a tag category (key).

type imageTagMutability

string

param imageTagMutability

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

type repositoryPolicy

string

param repositoryPolicy

The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

type lifecyclePolicy

string

param lifecyclePolicy

The lifecycle policy to use for repositories created using the template.

type appliedFor

list

param appliedFor

[REQUIRED]

A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

  • (string) --

type customRoleArn

string

param customRoleArn

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

rtype

dict

returns

Response Syntax

{
    'registryId': 'string',
    'repositoryCreationTemplate': {
        'prefix': 'string',
        'description': 'string',
        'encryptionConfiguration': {
            'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
            'kmsKey': 'string'
        },
        'resourceTags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
        'repositoryPolicy': 'string',
        'lifecyclePolicy': 'string',
        'appliedFor': [
            'REPLICATION'|'PULL_THROUGH_CACHE',
        ],
        'customRoleArn': 'string',
        'createdAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • registryId (string) --

      The registry ID associated with the request.

    • repositoryCreationTemplate (dict) --

      The details of the repository creation template associated with the request.

      • prefix (string) --

        The repository namespace prefix associated with the repository creation template.

      • description (string) --

        The description associated with the repository creation template.

      • encryptionConfiguration (dict) --

        The encryption configuration associated with the repository creation template.

        • encryptionType (string) --

          The encryption type to use.

          If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

          If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

        • kmsKey (string) --

          If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

      • resourceTags (list) --

        The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

        • (dict) --

          The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Key (string) --

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Value (string) --

            A value acts as a descriptor within a tag category (key).

      • imageTagMutability (string) --

        The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      • repositoryPolicy (string) --

        he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

      • lifecyclePolicy (string) --

        The lifecycle policy to use for repositories created using the template.

      • appliedFor (list) --

        A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • (string) --

      • customRoleArn (string) --

        The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

      • createdAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was created.

      • updatedAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was last updated.

DeleteRepository (updated) Link ¶
Changes (response)
{'repository': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Deletes a repository. If the repository isn't empty, you must either delete the contents of the repository or use the force option to delete the repository and have Amazon ECR delete all of its contents on your behalf.

See also: AWS API Documentation

Request Syntax

client.delete_repository(
    registryId='string',
    repositoryName='string',
    force=True|False
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry that contains the repository to delete. If you do not specify a registry, the default registry is assumed.

type repositoryName

string

param repositoryName

[REQUIRED]

The name of the repository to delete.

type force

boolean

param force

If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.

rtype

dict

returns

Response Syntax

{
    'repository': {
        'repositoryArn': 'string',
        'registryId': 'string',
        'repositoryName': 'string',
        'repositoryUri': 'string',
        'createdAt': datetime(2015, 1, 1),
        'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
        'imageScanningConfiguration': {
            'scanOnPush': True|False
        },
        'encryptionConfiguration': {
            'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
            'kmsKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • repository (dict) --

      The repository that was deleted.

      • repositoryArn (string) --

        The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name .

      • registryId (string) --

        The Amazon Web Services account ID associated with the registry that contains the repository.

      • repositoryName (string) --

        The name of the repository.

      • repositoryUri (string) --

        The URI for the repository. You can use this URI for container image push and pull operations.

      • createdAt (datetime) --

        The date and time, in JavaScript date format, when the repository was created.

      • imageTagMutability (string) --

        The tag mutability setting for the repository.

      • imageScanningConfiguration (dict) --

        The image scanning configuration for a repository.

        • scanOnPush (boolean) --

          The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

      • encryptionConfiguration (dict) --

        The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

        • encryptionType (string) --

          The encryption type to use.

          If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

          If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

          If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

        • kmsKey (string) --

          If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

DeleteRepositoryCreationTemplate (updated) Link ¶
Changes (response)
{'repositoryCreationTemplate': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Deletes a repository creation template.

See also: AWS API Documentation

Request Syntax

client.delete_repository_creation_template(
    prefix='string'
)
type prefix

string

param prefix

[REQUIRED]

The repository namespace prefix associated with the repository creation template.

rtype

dict

returns

Response Syntax

{
    'registryId': 'string',
    'repositoryCreationTemplate': {
        'prefix': 'string',
        'description': 'string',
        'encryptionConfiguration': {
            'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
            'kmsKey': 'string'
        },
        'resourceTags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
        'repositoryPolicy': 'string',
        'lifecyclePolicy': 'string',
        'appliedFor': [
            'REPLICATION'|'PULL_THROUGH_CACHE',
        ],
        'customRoleArn': 'string',
        'createdAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • registryId (string) --

      The registry ID associated with the request.

    • repositoryCreationTemplate (dict) --

      The details of the repository creation template that was deleted.

      • prefix (string) --

        The repository namespace prefix associated with the repository creation template.

      • description (string) --

        The description associated with the repository creation template.

      • encryptionConfiguration (dict) --

        The encryption configuration associated with the repository creation template.

        • encryptionType (string) --

          The encryption type to use.

          If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

          If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

        • kmsKey (string) --

          If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

      • resourceTags (list) --

        The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

        • (dict) --

          The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Key (string) --

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Value (string) --

            A value acts as a descriptor within a tag category (key).

      • imageTagMutability (string) --

        The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      • repositoryPolicy (string) --

        he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

      • lifecyclePolicy (string) --

        The lifecycle policy to use for repositories created using the template.

      • appliedFor (list) --

        A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • (string) --

      • customRoleArn (string) --

        The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

      • createdAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was created.

      • updatedAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was last updated.

DescribeRepositories (updated) Link ¶
Changes (response)
{'repositories': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Describes image repositories in a registry.

See also: AWS API Documentation

Request Syntax

client.describe_repositories(
    registryId='string',
    repositoryNames=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry that contains the repositories to be described. If you do not specify a registry, the default registry is assumed.

type repositoryNames

list

param repositoryNames

A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.

  • (string) --

type nextToken

string

param nextToken

The nextToken value returned from a previous paginated DescribeRepositories request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames .

Note

This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

type maxResults

integer

param maxResults

The maximum number of repository results returned by DescribeRepositories in paginated output. When this parameter is used, DescribeRepositories only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositories request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositories returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify repositories with repositoryNames .

rtype

dict

returns

Response Syntax

{
    'repositories': [
        {
            'repositoryArn': 'string',
            'registryId': 'string',
            'repositoryName': 'string',
            'repositoryUri': 'string',
            'createdAt': datetime(2015, 1, 1),
            'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
            'imageScanningConfiguration': {
                'scanOnPush': True|False
            },
            'encryptionConfiguration': {
                'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
                'kmsKey': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • repositories (list) --

      A list of repository objects corresponding to valid repositories.

      • (dict) --

        An object representing a repository.

        • repositoryArn (string) --

          The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository-namespace/repository-name .

        • registryId (string) --

          The Amazon Web Services account ID associated with the registry that contains the repository.

        • repositoryName (string) --

          The name of the repository.

        • repositoryUri (string) --

          The URI for the repository. You can use this URI for container image push and pull operations.

        • createdAt (datetime) --

          The date and time, in JavaScript date format, when the repository was created.

        • imageTagMutability (string) --

          The tag mutability setting for the repository.

        • imageScanningConfiguration (dict) --

          The image scanning configuration for a repository.

          • scanOnPush (boolean) --

            The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.

        • encryptionConfiguration (dict) --

          The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.

          • encryptionType (string) --

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

            If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

          • kmsKey (string) --

            If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

    • nextToken (string) --

      The nextToken value to include in a future DescribeRepositories request. When the results of a DescribeRepositories request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

DescribeRepositoryCreationTemplates (updated) Link ¶
Changes (response)
{'repositoryCreationTemplates': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Returns details about the repository creation templates in a registry. The prefixes request parameter can be used to return the details for a specific repository creation template.

See also: AWS API Documentation

Request Syntax

client.describe_repository_creation_templates(
    prefixes=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)
type prefixes

list

param prefixes

The repository namespace prefixes associated with the repository creation templates to describe. If this value is not specified, all repository creation templates are returned.

  • (string) --

type nextToken

string

param nextToken

The nextToken value returned from a previous paginated DescribeRepositoryCreationTemplates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

Note

This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

type maxResults

integer

param maxResults

The maximum number of repository results returned by DescribeRepositoryCreationTemplatesRequest in paginated output. When this parameter is used, DescribeRepositoryCreationTemplatesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeRepositoryCreationTemplatesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositoryCreationTemplatesRequest returns up to 100 results and a nextToken value, if applicable.

rtype

dict

returns

Response Syntax

{
    'registryId': 'string',
    'repositoryCreationTemplates': [
        {
            'prefix': 'string',
            'description': 'string',
            'encryptionConfiguration': {
                'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
                'kmsKey': 'string'
            },
            'resourceTags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
            'repositoryPolicy': 'string',
            'lifecyclePolicy': 'string',
            'appliedFor': [
                'REPLICATION'|'PULL_THROUGH_CACHE',
            ],
            'customRoleArn': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • registryId (string) --

      The registry ID associated with the request.

    • repositoryCreationTemplates (list) --

      The details of the repository creation templates.

      • (dict) --

        The details of the repository creation template associated with the request.

        • prefix (string) --

          The repository namespace prefix associated with the repository creation template.

        • description (string) --

          The description associated with the repository creation template.

        • encryptionConfiguration (dict) --

          The encryption configuration associated with the repository creation template.

          • encryptionType (string) --

            The encryption type to use.

            If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

            If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

          • kmsKey (string) --

            If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

        • resourceTags (list) --

          The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • (dict) --

            The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

            • Key (string) --

              One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

            • Value (string) --

              A value acts as a descriptor within a tag category (key).

        • imageTagMutability (string) --

          The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

        • repositoryPolicy (string) --

          he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

        • lifecyclePolicy (string) --

          The lifecycle policy to use for repositories created using the template.

        • appliedFor (list) --

          A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

          • (string) --

        • customRoleArn (string) --

          The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

        • createdAt (datetime) --

          The date and time, in JavaScript date format, when the repository creation template was created.

        • updatedAt (datetime) --

          The date and time, in JavaScript date format, when the repository creation template was last updated.

    • nextToken (string) --

      The nextToken value to include in a future DescribeRepositoryCreationTemplates request. When the results of a DescribeRepositoryCreationTemplates request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

UpdateRepositoryCreationTemplate (updated) Link ¶
Changes (request, response)
Request
{'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}
Response
{'repositoryCreationTemplate': {'encryptionConfiguration': {'encryptionType': {'KMS_DSSE'}}}}

Updates an existing repository creation template.

See also: AWS API Documentation

Request Syntax

client.update_repository_creation_template(
    prefix='string',
    description='string',
    encryptionConfiguration={
        'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
        'kmsKey': 'string'
    },
    resourceTags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    imageTagMutability='MUTABLE'|'IMMUTABLE',
    repositoryPolicy='string',
    lifecyclePolicy='string',
    appliedFor=[
        'REPLICATION'|'PULL_THROUGH_CACHE',
    ],
    customRoleArn='string'
)
type prefix

string

param prefix

[REQUIRED]

The repository namespace prefix that matches an existing repository creation template in the registry. All repositories created using this namespace prefix will have the settings defined in this template applied. For example, a prefix of prod would apply to all repositories beginning with prod/ . This includes a repository named prod/team1 as well as a repository named prod/repository1 .

To apply a template to all repositories in your registry that don't have an associated creation template, you can use ROOT as the prefix.

type description

string

param description

A description for the repository creation template.

type encryptionConfiguration

dict

param encryptionConfiguration

The encryption configuration to associate with the repository creation template.

  • encryptionType (string) -- [REQUIRED]

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

  • kmsKey (string) --

    If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

type resourceTags

list

param resourceTags

The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • (dict) --

    The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    • Key (string) -- [REQUIRED]

      One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

    • Value (string) -- [REQUIRED]

      A value acts as a descriptor within a tag category (key).

type imageTagMutability

string

param imageTagMutability

Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

type repositoryPolicy

string

param repositoryPolicy

Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

type lifecyclePolicy

string

param lifecyclePolicy

Updates the lifecycle policy associated with the specified repository creation template.

type appliedFor

list

param appliedFor

Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

  • (string) --

type customRoleArn

string

param customRoleArn

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as the registry that you are configuring. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

rtype

dict

returns

Response Syntax

{
    'registryId': 'string',
    'repositoryCreationTemplate': {
        'prefix': 'string',
        'description': 'string',
        'encryptionConfiguration': {
            'encryptionType': 'AES256'|'KMS'|'KMS_DSSE',
            'kmsKey': 'string'
        },
        'resourceTags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
        'repositoryPolicy': 'string',
        'lifecyclePolicy': 'string',
        'appliedFor': [
            'REPLICATION'|'PULL_THROUGH_CACHE',
        ],
        'customRoleArn': 'string',
        'createdAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • registryId (string) --

      The registry ID associated with the request.

    • repositoryCreationTemplate (dict) --

      The details of the repository creation template associated with the request.

      • prefix (string) --

        The repository namespace prefix associated with the repository creation template.

      • description (string) --

        The description associated with the repository creation template.

      • encryptionConfiguration (dict) --

        The encryption configuration associated with the repository creation template.

        • encryptionType (string) --

          The encryption type to use.

          If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .

          If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .

        • kmsKey (string) --

          If you use the KMS encryption type, specify the KMS key to use for encryption. The full ARN of the KMS key must be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.

      • resourceTags (list) --

        The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

        • (dict) --

          The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • Key (string) --

            One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

          • Value (string) --

            A value acts as a descriptor within a tag category (key).

      • imageTagMutability (string) --

        The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

      • repositoryPolicy (string) --

        he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

      • lifecyclePolicy (string) --

        The lifecycle policy to use for repositories created using the template.

      • appliedFor (list) --

        A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

        • (string) --

      • customRoleArn (string) --

        The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.

      • createdAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was created.

      • updatedAt (datetime) --

        The date and time, in JavaScript date format, when the repository creation template was last updated.