Amazon EC2 Container Registry

2023/11/17 - Amazon EC2 Container Registry - 2 new 5 updated api methods

Changes: Documentation and operational updates for Amazon ECR, adding support for pull through cache rules for upstream registries that require authentication.

ValidatePullThroughCacheRule (new)

Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.

Request Syntax

client.validate_pull_through_cache_rule(
    ecrRepositoryPrefix='string',
    registryId='string'
)
type ecrRepositoryPrefix

string

param ecrRepositoryPrefix

[REQUIRED]

The repository name prefix associated with the pull through cache rule.

type registryId

string

param registryId

The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

rtype

dict

returns

Response Syntax

{
    'ecrRepositoryPrefix': 'string',
    'registryId': 'string',
    'upstreamRegistryUrl': 'string',
    'credentialArn': 'string',
    'isValid': True|False,
    'failure': 'string'
}

Response Structure

  • (dict) --

    • ecrRepositoryPrefix (string) --

      The Amazon ECR repository prefix associated with the pull through cache rule.

    • registryId (string) --

      The registry ID associated with the request.

    • upstreamRegistryUrl (string) --

      The upstream registry URL associated with the pull through cache rule.

    • credentialArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

    • isValid (boolean) --

      Whether or not the pull through cache rule was validated. If true, Amazon ECR was able to reach the upstream registry and authentication was successful. If false, there was an issue and validation failed. The failure reason indicates the cause.

    • failure (string) --

      The reason the validation failed. For more details about possible causes and how to address them, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

UpdatePullThroughCacheRule (new)

Updates an existing pull through cache rule.

Request Syntax

client.update_pull_through_cache_rule(
    registryId='string',
    ecrRepositoryPrefix='string',
    credentialArn='string'
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.

type ecrRepositoryPrefix

string

param ecrRepositoryPrefix

[REQUIRED]

The repository name prefix to use when caching images from the source registry.

type credentialArn

string

param credentialArn

[REQUIRED]

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

rtype

dict

returns

Response Syntax

{
    'ecrRepositoryPrefix': 'string',
    'registryId': 'string',
    'updatedAt': datetime(2015, 1, 1),
    'credentialArn': 'string'
}

Response Structure

  • (dict) --

    • ecrRepositoryPrefix (string) --

      The Amazon ECR repository prefix associated with the pull through cache rule.

    • registryId (string) --

      The registry ID associated with the request.

    • updatedAt (datetime) --

      The date and time, in JavaScript date format, when the pull through cache rule was updated.

    • credentialArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

BatchDeleteImage (updated)
Changes (response)
{'failures': {'failureCode': {'UpstreamAccessDenied',
                              'UpstreamTooManyRequests',
                              'UpstreamUnavailable'}}}

Deletes a list of specified images within a repository. Images are specified with either an imageTag or imageDigest.

You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.

You can completely delete an image (and all of its tags) by specifying the image's digest in your request.

Request Syntax

client.batch_delete_image(
    registryId='string',
    repositoryName='string',
    imageIds=[
        {
            'imageDigest': 'string',
            'imageTag': 'string'
        },
    ]
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry that contains the image to delete. If you do not specify a registry, the default registry is assumed.

type repositoryName

string

param repositoryName

[REQUIRED]

The repository that contains the image to delete.

type imageIds

list

param imageIds

[REQUIRED]

A list of image ID references that correspond to images to delete. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

  • (dict) --

    An object with identifying information for an image in an Amazon ECR repository.

    • imageDigest (string) --

      The sha256 digest of the image manifest.

    • imageTag (string) --

      The tag used for the image.

rtype

dict

returns

Response Syntax

{
    'imageIds': [
        {
            'imageDigest': 'string',
            'imageTag': 'string'
        },
    ],
    'failures': [
        {
            'imageId': {
                'imageDigest': 'string',
                'imageTag': 'string'
            },
            'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag'|'ImageReferencedByManifestList'|'KmsError'|'UpstreamAccessDenied'|'UpstreamTooManyRequests'|'UpstreamUnavailable',
            'failureReason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • imageIds (list) --

      The image IDs of the deleted images.

      • (dict) --

        An object with identifying information for an image in an Amazon ECR repository.

        • imageDigest (string) --

          The sha256 digest of the image manifest.

        • imageTag (string) --

          The tag used for the image.

    • failures (list) --

      Any failures associated with the call.

      • (dict) --

        An object representing an Amazon ECR image failure.

        • imageId (dict) --

          The image ID associated with the failure.

          • imageDigest (string) --

            The sha256 digest of the image manifest.

          • imageTag (string) --

            The tag used for the image.

        • failureCode (string) --

          The code associated with the failure.

        • failureReason (string) --

          The reason for the failure.

BatchGetImage (updated)
Changes (response)
{'failures': {'failureCode': {'UpstreamAccessDenied',
                              'UpstreamTooManyRequests',
                              'UpstreamUnavailable'}}}

Gets detailed information for an image. Images are specified with either an imageTag or imageDigest.

When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.

Request Syntax

client.batch_get_image(
    registryId='string',
    repositoryName='string',
    imageIds=[
        {
            'imageDigest': 'string',
            'imageTag': 'string'
        },
    ],
    acceptedMediaTypes=[
        'string',
    ]
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry that contains the images to describe. If you do not specify a registry, the default registry is assumed.

type repositoryName

string

param repositoryName

[REQUIRED]

The repository that contains the images to describe.

type imageIds

list

param imageIds

[REQUIRED]

A list of image ID references that correspond to images to describe. The format of the imageIds reference is imageTag=tag or imageDigest=digest.

  • (dict) --

    An object with identifying information for an image in an Amazon ECR repository.

    • imageDigest (string) --

      The sha256 digest of the image manifest.

    • imageTag (string) --

      The tag used for the image.

type acceptedMediaTypes

list

param acceptedMediaTypes

The accepted media types for the request.

Valid values: application/vnd.docker.distribution.manifest.v1+json | application/vnd.docker.distribution.manifest.v2+json | application/vnd.oci.image.manifest.v1+json

  • (string) --

rtype

dict

returns

Response Syntax

{
    'images': [
        {
            'registryId': 'string',
            'repositoryName': 'string',
            'imageId': {
                'imageDigest': 'string',
                'imageTag': 'string'
            },
            'imageManifest': 'string',
            'imageManifestMediaType': 'string'
        },
    ],
    'failures': [
        {
            'imageId': {
                'imageDigest': 'string',
                'imageTag': 'string'
            },
            'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag'|'ImageReferencedByManifestList'|'KmsError'|'UpstreamAccessDenied'|'UpstreamTooManyRequests'|'UpstreamUnavailable',
            'failureReason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • images (list) --

      A list of image objects corresponding to the image references in the request.

      • (dict) --

        An object representing an Amazon ECR image.

        • registryId (string) --

          The Amazon Web Services account ID associated with the registry containing the image.

        • repositoryName (string) --

          The name of the repository associated with the image.

        • imageId (dict) --

          An object containing the image tag and image digest associated with an image.

          • imageDigest (string) --

            The sha256 digest of the image manifest.

          • imageTag (string) --

            The tag used for the image.

        • imageManifest (string) --

          The image manifest associated with the image.

        • imageManifestMediaType (string) --

          The manifest media type of the image.

    • failures (list) --

      Any failures associated with the call.

      • (dict) --

        An object representing an Amazon ECR image failure.

        • imageId (dict) --

          The image ID associated with the failure.

          • imageDigest (string) --

            The sha256 digest of the image manifest.

          • imageTag (string) --

            The tag used for the image.

        • failureCode (string) --

          The code associated with the failure.

        • failureReason (string) --

          The reason for the failure.
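
One way to act on the new upstream failure codes, as an added example rather than AWS code: retry only the failures that look transient and surface UpstreamAccessDenied at once so the rule's credentials can be checked. Treating UpstreamTooManyRequests and UpstreamUnavailable as retryable is an assumption drawn from their names; StubEcr, the repository name and the responses are constructed so the block runs offline.

```python
import time

# Assumption of this example: judged by their names, these two codes are
# worth retrying; UpstreamAccessDenied points at credentials and is not.
TRANSIENT = {"UpstreamTooManyRequests", "UpstreamUnavailable"}


def get_manifests(ecr, repository, image_ids, attempts=3, sleep=time.sleep):
    """Return (images, permanent_failures), retrying transient failures only."""
    images, permanent, pending = [], [], list(image_ids)
    for attempt in range(attempts):
        if not pending:
            break
        resp = ecr.batch_get_image(repositoryName=repository, imageIds=pending)
        images.extend(resp.get("images", []))
        retry = []
        for failure in resp.get("failures", []):
            retryable = failure["failureCode"] in TRANSIENT
            if retryable and attempt < attempts - 1:
                retry.append(failure["imageId"])
            else:
                permanent.append(failure)  # report to the caller, do not retry
        pending = retry
        if pending:
            sleep(2 ** attempt)  # 1s, 2s, ... between rounds
    return images, permanent


class StubEcr:
    """Constructed stand-in for boto3.client('ecr'); responses are made up."""

    def __init__(self):
        self.calls = 0

    def batch_get_image(self, repositoryName, imageIds):
        self.calls += 1
        images, failures = [], []
        for image_id in imageIds:
            tag = image_id["imageTag"]
            if tag == "denied":
                code = "UpstreamAccessDenied"
            elif tag == "busy" and self.calls == 1:
                code = "UpstreamTooManyRequests"  # succeeds on the second call
            else:
                images.append({"repositoryName": repositoryName, "imageId": image_id})
                continue
            failures.append({"imageId": image_id, "failureCode": code,
                             "failureReason": "constructed"})
        return {"images": images, "failures": failures}
```

With a real client, pass `boto3.client("ecr")` as `ecr`; an UpstreamAccessDenied entry in the second return value is the cue to run ValidatePullThroughCacheRule on the matching prefix.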

CreatePullThroughCacheRule (updated)
Changes (both)
{'credentialArn': 'string',
 'upstreamRegistry': 'ecr-public | quay | k8s | docker-hub | '
                     'github-container-registry | azure-container-registry'}

Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.

Request Syntax

client.create_pull_through_cache_rule(
    ecrRepositoryPrefix='string',
    upstreamRegistryUrl='string',
    registryId='string',
    upstreamRegistry='ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry',
    credentialArn='string'
)
type ecrRepositoryPrefix

string

param ecrRepositoryPrefix

[REQUIRED]

The repository name prefix to use when caching images from the source registry.

type upstreamRegistryUrl

string

param upstreamRegistryUrl

[REQUIRED]

The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

  • Amazon ECR Public ( ecr-public ) - public.ecr.aws

  • Docker Hub ( docker-hub ) - registry-1.docker.io

  • Quay ( quay ) - quay.io

  • Kubernetes ( k8s ) - registry.k8s.io

  • GitHub Container Registry ( github-container-registry ) - ghcr.io

  • Microsoft Azure Container Registry ( azure-container-registry ) - <custom>.azurecr.io

type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.

type upstreamRegistry

string

param upstreamRegistry

The name of the upstream registry.

type credentialArn

string

param credentialArn

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

rtype

dict

returns

Response Syntax

{
    'ecrRepositoryPrefix': 'string',
    'upstreamRegistryUrl': 'string',
    'createdAt': datetime(2015, 1, 1),
    'registryId': 'string',
    'upstreamRegistry': 'ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry',
    'credentialArn': 'string'
}

Response Structure

  • (dict) --

    • ecrRepositoryPrefix (string) --

      The Amazon ECR repository prefix associated with the pull through cache rule.

    • upstreamRegistryUrl (string) --

      The upstream registry URL associated with the pull through cache rule.

    • createdAt (datetime) --

      The date and time, in JavaScript date format, when the pull through cache rule was created.

    • registryId (string) --

      The registry ID associated with the request.

    • upstreamRegistry (string) --

      The name of the upstream registry associated with the pull through cache rule.

    • credentialArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

DeletePullThroughCacheRule (updated)
Changes (response)
{'credentialArn': 'string'}

Deletes a pull through cache rule.

Request Syntax

client.delete_pull_through_cache_rule(
    ecrRepositoryPrefix='string',
    registryId='string'
)
type ecrRepositoryPrefix

string

param ecrRepositoryPrefix

[REQUIRED]

The Amazon ECR repository prefix associated with the pull through cache rule to delete.

type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.

rtype

dict

returns

Response Syntax

{
    'ecrRepositoryPrefix': 'string',
    'upstreamRegistryUrl': 'string',
    'createdAt': datetime(2015, 1, 1),
    'registryId': 'string',
    'credentialArn': 'string'
}

Response Structure

  • (dict) --

    • ecrRepositoryPrefix (string) --

      The Amazon ECR repository prefix associated with the request.

    • upstreamRegistryUrl (string) --

      The upstream registry URL associated with the pull through cache rule.

    • createdAt (datetime) --

      The timestamp associated with the pull through cache rule.

    • registryId (string) --

      The registry ID associated with the request.

    • credentialArn (string) --

      The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

DescribePullThroughCacheRules (updated)
Changes (response)
{'pullThroughCacheRules': {'credentialArn': 'string',
                           'updatedAt': 'timestamp',
                           'upstreamRegistry': 'ecr-public | quay | k8s | '
                                               'docker-hub | '
                                               'github-container-registry | '
                                               'azure-container-registry'}}

Returns the pull through cache rules for a registry.

Request Syntax

client.describe_pull_through_cache_rules(
    registryId='string',
    ecrRepositoryPrefixes=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)
type registryId

string

param registryId

The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.

type ecrRepositoryPrefixes

list

param ecrRepositoryPrefixes

The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.

  • (string) --

type nextToken

string

param nextToken

The nextToken value returned from a previous paginated DescribePullThroughCacheRulesRequest request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

type maxResults

integer

param maxResults

The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.

rtype

dict

returns

Response Syntax

{
    'pullThroughCacheRules': [
        {
            'ecrRepositoryPrefix': 'string',
            'upstreamRegistryUrl': 'string',
            'createdAt': datetime(2015, 1, 1),
            'registryId': 'string',
            'credentialArn': 'string',
            'upstreamRegistry': 'ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry',
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • pullThroughCacheRules (list) --

      The details of the pull through cache rules.

      • (dict) --

        The details of a pull through cache rule.

        • ecrRepositoryPrefix (string) --

          The Amazon ECR repository prefix associated with the pull through cache rule.

        • upstreamRegistryUrl (string) --

          The upstream registry URL associated with the pull through cache rule.

        • createdAt (datetime) --

          The date and time the pull through cache was created.

        • registryId (string) --

          The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.

        • credentialArn (string) --

          The ARN of the Secrets Manager secret associated with the pull through cache rule.

        • upstreamRegistry (string) --

          The name of the upstream source registry associated with the pull through cache rule.

        • updatedAt (datetime) --

          The date and time, in JavaScript date format, when the pull through cache rule was last updated.

    • nextToken (string) --

      The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
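
A periodic credential audit that ties DescribePullThroughCacheRules and ValidatePullThroughCacheRule together, as an added example that is not part of the AWS documentation: it pages through every rule with nextToken and validates each rule that carries a credentialArn. StubEcr, the secret ARN and the failure text are constructed so the block runs offline; with a real account, pass `boto3.client("ecr")` instead.

```python
def iter_rules(ecr, registry_id=None):
    """Yield every rule, following nextToken until none is returned."""
    kwargs = {"maxResults": 100}
    if registry_id:
        kwargs["registryId"] = registry_id
    while True:
        page = ecr.describe_pull_through_cache_rules(**kwargs)
        yield from page.get("pullThroughCacheRules", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]


def audit_rules(ecr, registry_id=None):
    """Return a finding for each rule whose stored secret fails validation."""
    findings = []
    for rule in iter_rules(ecr, registry_id):
        if not rule.get("credentialArn"):
            continue  # no secret attached, nothing to validate
        kwargs = {"ecrRepositoryPrefix": rule["ecrRepositoryPrefix"]}
        if registry_id:
            kwargs["registryId"] = registry_id
        result = ecr.validate_pull_through_cache_rule(**kwargs)
        if not result["isValid"]:
            findings.append({
                "prefix": rule["ecrRepositoryPrefix"],
                "upstream": rule.get("upstreamRegistryUrl"),
                "credentialArn": rule["credentialArn"],
                "failure": result.get("failure", ""),
            })
    return findings


class StubEcr:
    """Constructed stand-in for boto3.client('ecr'); every value is made up."""
    SECRET = "arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE"
    PAGES = {
        None: {"nextToken": "p2", "pullThroughCacheRules": [
            {"ecrRepositoryPrefix": "ecr-public",
             "upstreamRegistryUrl": "public.ecr.aws"},
            {"ecrRepositoryPrefix": "docker-hub", "credentialArn": SECRET,
             "upstreamRegistryUrl": "registry-1.docker.io"}]},
        "p2": {"pullThroughCacheRules": [
            {"ecrRepositoryPrefix": "ghcr", "credentialArn": SECRET,
             "upstreamRegistryUrl": "ghcr.io"}]},
    }

    def describe_pull_through_cache_rules(self, **kwargs):
        return self.PAGES[kwargs.get("nextToken")]

    def validate_pull_through_cache_rule(self, **kwargs):
        ok = kwargs["ecrRepositoryPrefix"] != "ghcr"  # constructed outcome
        return {"isValid": ok, "failure": "" if ok else "constructed failure"}


if __name__ == "__main__":
    for finding in audit_rules(StubEcr()):
        print(finding)
```

Each finding names the prefix, upstream URL and secret ARN, which is what an on-call engineer needs to rotate the secret and call UpdatePullThroughCacheRule.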