2025/03/11 - Amazon Elastic Container Registry - 5 updated api methods
Changes This release adds Amazon ECR to Amazon ECR pull through cache rules support.
{'customRoleArn': 'string', 'upstreamRegistry': {'ecr'}, 'upstreamRepositoryPrefix': 'string'}
Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry source in your Amazon ECR private registry. For more information, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.
See also: AWS API Documentation
Request Syntax
client.create_pull_through_cache_rule( ecrRepositoryPrefix='string', upstreamRegistryUrl='string', registryId='string', upstreamRegistry='ecr'|'ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry'|'gitlab-container-registry', credentialArn='string', customRoleArn='string', upstreamRepositoryPrefix='string' )
string
[REQUIRED]
The repository name prefix to use when caching images from the source registry.
string
[REQUIRED]
The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.
Amazon ECR ( ecr) – dkr.ecr.<region>.amazonaws.com
Amazon ECR Public ( ecr-public) – public.ecr.aws
Docker Hub ( docker-hub) – registry-1.docker.io
GitHub Container Registry ( github-container-registry) – ghcr.io
GitLab Container Registry ( gitlab-container-registry) – registry.gitlab.com
Kubernetes ( k8s) – registry.k8s.io
Microsoft Azure Container Registry ( azure-container-registry) – <custom>.azurecr.io
Quay ( quay) – quay.io
string
The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.
string
The name of the upstream registry.
string
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.
string
Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.
string
The repository name prefix of the upstream registry to match with the upstream repository name. When this field isn't specified, Amazon ECR will use the ROOT.
dict
Response Syntax
{ 'ecrRepositoryPrefix': 'string', 'upstreamRegistryUrl': 'string', 'createdAt': datetime(2015, 1, 1), 'registryId': 'string', 'upstreamRegistry': 'ecr'|'ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry'|'gitlab-container-registry', 'credentialArn': 'string', 'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string' }
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time, in JavaScript date format, when the pull through cache rule was created.
registryId (string) --
The registry ID associated with the request.
upstreamRegistry (string) --
The name of the upstream registry associated with the pull through cache rule.
credentialArn (string) --
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.
customRoleArn (string) --
The ARN of the IAM role associated with the pull through cache rule.
upstreamRepositoryPrefix (string) --
The upstream repository prefix associated with the pull through cache rule.
{'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string'}
Deletes a pull through cache rule.
See also: AWS API Documentation
Request Syntax
client.delete_pull_through_cache_rule( ecrRepositoryPrefix='string', registryId='string' )
string
[REQUIRED]
The Amazon ECR repository prefix associated with the pull through cache rule to delete.
string
The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.
dict
Response Syntax
{ 'ecrRepositoryPrefix': 'string', 'upstreamRegistryUrl': 'string', 'createdAt': datetime(2015, 1, 1), 'registryId': 'string', 'credentialArn': 'string', 'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string' }
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the request.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The timestamp associated with the pull through cache rule.
registryId (string) --
The registry ID associated with the request.
credentialArn (string) --
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.
customRoleArn (string) --
The ARN of the IAM role associated with the pull through cache rule.
upstreamRepositoryPrefix (string) --
The upstream repository prefix associated with the pull through cache rule.
{'pullThroughCacheRules': {'customRoleArn': 'string', 'upstreamRegistry': {'ecr'}, 'upstreamRepositoryPrefix': 'string'}}
Returns the pull through cache rules for a registry.
See also: AWS API Documentation
Request Syntax
client.describe_pull_through_cache_rules( registryId='string', ecrRepositoryPrefixes=[ 'string', ], nextToken='string', maxResults=123 )
string
The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.
list
The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.
(string) --
string
The nextToken value returned from a previous paginated DescribePullThroughCacheRulesRequest request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
integer
The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.
dict
Response Syntax
{ 'pullThroughCacheRules': [ { 'ecrRepositoryPrefix': 'string', 'upstreamRegistryUrl': 'string', 'createdAt': datetime(2015, 1, 1), 'registryId': 'string', 'credentialArn': 'string', 'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string', 'upstreamRegistry': 'ecr'|'ecr-public'|'quay'|'k8s'|'docker-hub'|'github-container-registry'|'azure-container-registry'|'gitlab-container-registry', 'updatedAt': datetime(2015, 1, 1) }, ], 'nextToken': 'string' }
Response Structure
(dict) --
pullThroughCacheRules (list) --
The details of the pull through cache rules.
(dict) --
The details of a pull through cache rule.
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time the pull through cache was created.
registryId (string) --
The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.
credentialArn (string) --
The ARN of the Secrets Manager secret associated with the pull through cache rule.
customRoleArn (string) --
The ARN of the IAM role associated with the pull through cache rule.
upstreamRepositoryPrefix (string) --
The upstream repository prefix associated with the pull through cache rule.
upstreamRegistry (string) --
The name of the upstream source registry associated with the pull through cache rule.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the pull through cache rule was last updated.
nextToken (string) --
The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
{'customRoleArn': 'string'}Response
{'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string'}
Updates an existing pull through cache rule.
See also: AWS API Documentation
Request Syntax
client.update_pull_through_cache_rule( registryId='string', ecrRepositoryPrefix='string', credentialArn='string', customRoleArn='string' )
string
The Amazon Web Services account ID associated with the registry associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.
string
[REQUIRED]
The repository name prefix to use when caching images from the source registry.
string
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.
string
Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.
dict
Response Syntax
{ 'ecrRepositoryPrefix': 'string', 'registryId': 'string', 'updatedAt': datetime(2015, 1, 1), 'credentialArn': 'string', 'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string' }
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
registryId (string) --
The registry ID associated with the request.
updatedAt (datetime) --
The date and time, in JavaScript date format, when the pull through cache rule was updated.
credentialArn (string) --
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.
customRoleArn (string) --
The ARN of the IAM role associated with the pull through cache rule.
upstreamRepositoryPrefix (string) --
The upstream repository prefix associated with the pull through cache rule.
{'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string'}
Validates an existing pull through cache rule for an upstream registry that requires authentication. This will retrieve the contents of the Amazon Web Services Secrets Manager secret, verify the syntax, and then validate that authentication to the upstream registry is successful.
See also: AWS API Documentation
Request Syntax
client.validate_pull_through_cache_rule( ecrRepositoryPrefix='string', registryId='string' )
string
[REQUIRED]
The repository name prefix associated with the pull through cache rule.
string
The registry ID associated with the pull through cache rule. If you do not specify a registry, the default registry is assumed.
dict
Response Syntax
{ 'ecrRepositoryPrefix': 'string', 'registryId': 'string', 'upstreamRegistryUrl': 'string', 'credentialArn': 'string', 'customRoleArn': 'string', 'upstreamRepositoryPrefix': 'string', 'isValid': True|False, 'failure': 'string' }
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
registryId (string) --
The registry ID associated with the request.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
credentialArn (string) --
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.
customRoleArn (string) --
The ARN of the IAM role associated with the pull through cache rule.
upstreamRepositoryPrefix (string) --
The upstream repository prefix associated with the pull through cache rule.
isValid (boolean) --
Whether or not the pull through cache rule was validated. If true, Amazon ECR was able to reach the upstream registry and authentication was successful. If false, there was an issue and validation failed. The failure reason indicates the cause.
failure (string) --
The reason the validation failed. For more details about possible causes and how to address them, see Using pull through cache rules in the Amazon Elastic Container Registry User Guide.