2021/09/21 - Amazon EC2 Container Registry - 1 new 3 updated api methods
Changes This release adds additional support for repository replication
Returns the replication status for a specified image.
See also: AWS API Documentation
Request Syntax
client.describe_image_replication_status(
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
registryId='string'
)
string
[REQUIRED]
The name of the repository that the image is in.
dict
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
string
The Amazon Web Services account ID associated with the registry. If you do not specify a registry, the default registry is assumed.
dict
Response Syntax
{
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'replicationStatuses': [
{
'region': 'string',
'registryId': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'failureCode': 'string'
},
]
}
Response Structure
(dict) --
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
replicationStatuses (list) --
The replication status details for the images in the specified repository.
(dict) --
The status of the replication process for an image.
region (string) --
The destination Region for the image replication.
registryId (string) --
The AWS account ID associated with the registry to which the image belongs.
status (string) --
The image replication status.
failureCode (string) --
The failure code for a replication that has failed.
{'registryId': 'string'}
Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
client.create_repository(
registryId='string',
repositoryName='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
imageScanningConfiguration={
'scanOnPush': True|False
},
encryptionConfiguration={
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
)
string
The AWS account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.
string
[REQUIRED]
The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app ) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app ).
list
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
(dict) --
The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
string
The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
dict
The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
dict
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) -- [REQUIRED]
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide. .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was created.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push and pull operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide. .
If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide. .
kmsKey (string) --
If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
{'replicationConfiguration': {'rules': {'repositoryFilters': [{'filter': 'string',
'filterType': 'PREFIX_MATCH'}]}}}
Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.
See also: AWS API Documentation
Request Syntax
client.describe_registry()
dict
Response Syntax
{
'registryId': 'string',
'replicationConfiguration': {
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
}
Response Structure
(dict) --
registryId (string) --
The ID of the registry.
replicationConfiguration (dict) --
The replication configuration for the registry.
rules (list) --
An array of objects representing the replication destinations and repository filters for a replication configuration.
(dict) --
An array of objects representing the replication destinations and repository filters for a replication configuration.
destinations (list) --
An array of objects representing the destination for a replication rule.
(dict) --
An array of objects representing the destination for a replication rule.
region (string) --
The Region to replicate to.
registryId (string) --
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
repositoryFilters (list) --
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
(dict) --
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
filter (string) --
The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.
filterType (string) --
The repository filter type. The only supported value is PREFIX_MATCH , which is a repository name prefix specified with the filter parameter.
{'replicationConfiguration': {'rules': {'repositoryFilters': [{'filter': 'string',
'filterType': 'PREFIX_MATCH'}]}}}
Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide .
Note
When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.
See also: AWS API Documentation
Request Syntax
client.put_replication_configuration(
replicationConfiguration={
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
)
dict
[REQUIRED]
An object representing the replication configuration for a registry.
rules (list) -- [REQUIRED]
An array of objects representing the replication destinations and repository filters for a replication configuration.
(dict) --
An array of objects representing the replication destinations and repository filters for a replication configuration.
destinations (list) -- [REQUIRED]
An array of objects representing the destination for a replication rule.
(dict) --
An array of objects representing the destination for a replication rule.
region (string) -- [REQUIRED]
The Region to replicate to.
registryId (string) -- [REQUIRED]
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
repositoryFilters (list) --
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
(dict) --
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
filter (string) -- [REQUIRED]
The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.
filterType (string) -- [REQUIRED]
The repository filter type. The only supported value is PREFIX_MATCH , which is a repository name prefix specified with the filter parameter.
dict
Response Syntax
{
'replicationConfiguration': {
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
}
Response Structure
(dict) --
replicationConfiguration (dict) --
The contents of the replication configuration for the registry.
rules (list) --
An array of objects representing the replication destinations and repository filters for a replication configuration.
(dict) --
An array of objects representing the replication destinations and repository filters for a replication configuration.
destinations (list) --
An array of objects representing the destination for a replication rule.
(dict) --
An array of objects representing the destination for a replication rule.
region (string) --
The Region to replicate to.
registryId (string) --
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
repositoryFilters (list) --
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
(dict) --
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
filter (string) --
The repository filter details. When the PREFIX_MATCH filter type is specified, this value is required and should be the repository name prefix to configure replication for.
filterType (string) --
The repository filter type. The only supported value is PREFIX_MATCH , which is a repository name prefix specified with the filter parameter.