We recommend new projects start with resources from the AWS provider.
aws-native.ecr.Repository
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::ECR::Repository
resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see Amazon ECR private repositories in the Amazon ECR User Guide.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var lifecyclePolicyText = config.Require("lifecyclePolicyText");
var repositoryName = config.Require("repositoryName");
var registryId = config.Require("registryId");
var myRepository = new AwsNative.Ecr.Repository("myRepository", new()
{
LifecyclePolicy = new AwsNative.Ecr.Inputs.RepositoryLifecyclePolicyArgs
{
LifecyclePolicyText = lifecyclePolicyText,
RegistryId = registryId,
},
RepositoryName = repositoryName,
});
return new Dictionary<string, object?>
{
["arn"] = myRepository.Arn,
};
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ecr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
lifecyclePolicyText := cfg.Require("lifecyclePolicyText")
repositoryName := cfg.Require("repositoryName")
registryId := cfg.Require("registryId")
myRepository, err := ecr.NewRepository(ctx, "myRepository", &ecr.RepositoryArgs{
LifecyclePolicy: &ecr.RepositoryLifecyclePolicyArgs{
LifecyclePolicyText: pulumi.String(lifecyclePolicyText),
RegistryId: pulumi.String(registryId),
},
RepositoryName: pulumi.String(repositoryName),
})
if err != nil {
return err
}
ctx.Export("arn", myRepository.Arn)
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
config = pulumi.Config()
lifecycle_policy_text = config.require("lifecyclePolicyText")
repository_name = config.require("repositoryName")
registry_id = config.require("registryId")
my_repository = aws_native.ecr.Repository("myRepository",
lifecycle_policy={
"lifecycle_policy_text": lifecycle_policy_text,
"registry_id": registry_id,
},
repository_name=repository_name)
pulumi.export("arn", my_repository.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const config = new pulumi.Config();
const lifecyclePolicyText = config.require("lifecyclePolicyText");
const repositoryName = config.require("repositoryName");
const registryId = config.require("registryId");
const myRepository = new aws_native.ecr.Repository("myRepository", {
lifecyclePolicy: {
lifecyclePolicyText: lifecyclePolicyText,
registryId: registryId,
},
repositoryName: repositoryName,
});
export const arn = myRepository.arn;
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var lifecyclePolicyText = config.Require("lifecyclePolicyText");
var repositoryName = config.Require("repositoryName");
var registryId = config.Require("registryId");
var myRepository = new AwsNative.Ecr.Repository("myRepository", new()
{
LifecyclePolicy = new AwsNative.Ecr.Inputs.RepositoryLifecyclePolicyArgs
{
LifecyclePolicyText = lifecyclePolicyText,
RegistryId = registryId,
},
RepositoryName = repositoryName,
});
return new Dictionary<string, object?>
{
["arn"] = myRepository.Arn,
};
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ecr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
lifecyclePolicyText := cfg.Require("lifecyclePolicyText")
repositoryName := cfg.Require("repositoryName")
registryId := cfg.Require("registryId")
myRepository, err := ecr.NewRepository(ctx, "myRepository", &ecr.RepositoryArgs{
LifecyclePolicy: &ecr.RepositoryLifecyclePolicyArgs{
LifecyclePolicyText: pulumi.String(lifecyclePolicyText),
RegistryId: pulumi.String(registryId),
},
RepositoryName: pulumi.String(repositoryName),
})
if err != nil {
return err
}
ctx.Export("arn", myRepository.Arn)
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
config = pulumi.Config()
lifecycle_policy_text = config.require("lifecyclePolicyText")
repository_name = config.require("repositoryName")
registry_id = config.require("registryId")
my_repository = aws_native.ecr.Repository("myRepository",
lifecycle_policy={
"lifecycle_policy_text": lifecycle_policy_text,
"registry_id": registry_id,
},
repository_name=repository_name)
pulumi.export("arn", my_repository.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const config = new pulumi.Config();
const lifecyclePolicyText = config.require("lifecyclePolicyText");
const repositoryName = config.require("repositoryName");
const registryId = config.require("registryId");
const myRepository = new aws_native.ecr.Repository("myRepository", {
lifecyclePolicy: {
lifecyclePolicyText: lifecyclePolicyText,
registryId: registryId,
},
repositoryName: repositoryName,
});
export const arn = myRepository.arn;
Coming soon!
Create Repository Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Repository(name: string, args?: RepositoryArgs, opts?: CustomResourceOptions);
@overload
def Repository(resource_name: str,
args: Optional[RepositoryArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Repository(resource_name: str,
opts: Optional[ResourceOptions] = None,
empty_on_delete: Optional[bool] = None,
encryption_configuration: Optional[RepositoryEncryptionConfigurationArgs] = None,
image_scanning_configuration: Optional[RepositoryImageScanningConfigurationArgs] = None,
image_tag_mutability: Optional[RepositoryImageTagMutability] = None,
lifecycle_policy: Optional[RepositoryLifecyclePolicyArgs] = None,
repository_name: Optional[str] = None,
repository_policy_text: Optional[Any] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
func NewRepository(ctx *Context, name string, args *RepositoryArgs, opts ...ResourceOption) (*Repository, error)
public Repository(string name, RepositoryArgs? args = null, CustomResourceOptions? opts = null)
public Repository(String name, RepositoryArgs args)
public Repository(String name, RepositoryArgs args, CustomResourceOptions options)
type: aws-native:ecr:Repository
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RepositoryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RepositoryArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RepositoryArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RepositoryArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RepositoryArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Repository Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Repository resource accepts the following input properties:
- Empty
On boolDelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- Encryption
Configuration Pulumi.Aws Native. Ecr. Inputs. Repository Encryption Configuration - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- Image
Scanning Pulumi.Configuration Aws Native. Ecr. Inputs. Repository Image Scanning Configuration - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- Image
Tag Pulumi.Mutability Aws Native. Ecr. Repository Image Tag Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - Lifecycle
Policy Pulumi.Aws Native. Ecr. Inputs. Repository Lifecycle Policy - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- Repository
Name string - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - Repository
Policy objectText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- List<Pulumi.
Aws Native. Inputs. Tag> - An array of key-value pairs to apply to this resource.
- Empty
On boolDelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- Encryption
Configuration RepositoryEncryption Configuration Args - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- Image
Scanning RepositoryConfiguration Image Scanning Configuration Args - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- Image
Tag RepositoryMutability Image Tag Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - Lifecycle
Policy RepositoryLifecycle Policy Args - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- Repository
Name string - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - Repository
Policy interface{}Text The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- Tag
Args - An array of key-value pairs to apply to this resource.
- empty
On BooleanDelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- encryption
Configuration RepositoryEncryption Configuration - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- image
Scanning RepositoryConfiguration Image Scanning Configuration - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- image
Tag RepositoryMutability Image Tag Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - lifecycle
Policy RepositoryLifecycle Policy - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- repository
Name String - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - repository
Policy ObjectText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- List<Tag>
- An array of key-value pairs to apply to this resource.
- empty
On booleanDelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- encryption
Configuration RepositoryEncryption Configuration - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- image
Scanning RepositoryConfiguration Image Scanning Configuration - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- image
Tag RepositoryMutability Image Tag Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - lifecycle
Policy RepositoryLifecycle Policy - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- repository
Name string - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - repository
Policy anyText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- Tag[]
- An array of key-value pairs to apply to this resource.
- empty_
on_ booldelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- encryption_
configuration RepositoryEncryption Configuration Args - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- image_
scanning_ Repositoryconfiguration Image Scanning Configuration Args - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- image_
tag_ Repositorymutability Image Tag Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - lifecycle_
policy RepositoryLifecycle Policy Args - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- repository_
name str - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - repository_
policy_ Anytext The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- Sequence[Tag
Args] - An array of key-value pairs to apply to this resource.
- empty
On BooleanDelete - If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
- encryption
Configuration Property Map - The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
- image
Scanning Property MapConfiguration - The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
- image
Tag "MUTABLE" | "IMMUTABLE"Mutability - The tag mutability setting for the repository. If this parameter is omitted, the default setting of
MUTABLE
will be used which will allow image tags to be overwritten. IfIMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten. - lifecycle
Policy Property Map - Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
- repository
Name String - The name to use for the repository. The repository name may be specified on its own (such as
nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such asproject-a/nginx-web-app
). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - repository
Policy AnyText The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.
Search the CloudFormation User Guide for
AWS::ECR::Repository
for more information about the expected schema for this property.- List<Property Map>
- An array of key-value pairs to apply to this resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Repository resource produces the following output properties:
- Arn string
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - Id string
- The provider-assigned unique ID for this managed resource.
- Repository
Uri string - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
- Arn string
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - Id string
- The provider-assigned unique ID for this managed resource.
- Repository
Uri string - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
- arn String
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - id String
- The provider-assigned unique ID for this managed resource.
- repository
Uri String - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
- arn string
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - id string
- The provider-assigned unique ID for this managed resource.
- repository
Uri string - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
- arn str
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - id str
- The provider-assigned unique ID for this managed resource.
- repository_
uri str - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
- arn String
- Returns the Amazon Resource Name (ARN) for the specified
AWS::ECR::Repository
resource. For example,arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository*
. - id String
- The provider-assigned unique ID for this managed resource.
- repository
Uri String - Returns the URI for the specified
AWS::ECR::Repository
resource. For example,*123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository
.
Supporting Types
RepositoryEncryptionConfiguration, RepositoryEncryptionConfigurationArgs
- Encryption
Type Pulumi.Aws Native. Ecr. Repository Encryption Type The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- Kms
Key string - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
- Encryption
Type RepositoryEncryption Type The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- Kms
Key string - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
- encryption
Type RepositoryEncryption Type The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- kms
Key String - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
- encryption
Type RepositoryEncryption Type The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- kms
Key string - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
- encryption_
type RepositoryEncryption Type The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- kms_
key str - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
- encryption
Type "AES256" | "KMS" | "KMS_DSSE" The encryption type to use.
If you use the
KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.If you use the
KMS_DSSE
encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to theKMS
encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.If you use the
AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .
- kms
Key String - If you use the
KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
RepositoryEncryptionType, RepositoryEncryptionTypeArgs
- Aes256
- AES256
- Kms
- KMS
- Kms
Dsse - KMS_DSSE
- Repository
Encryption Type Aes256 - AES256
- Repository
Encryption Type Kms - KMS
- Repository
Encryption Type Kms Dsse - KMS_DSSE
- Aes256
- AES256
- Kms
- KMS
- Kms
Dsse - KMS_DSSE
- Aes256
- AES256
- Kms
- KMS
- Kms
Dsse - KMS_DSSE
- AES256
- AES256
- KMS
- KMS
- KMS_DSSE
- KMS_DSSE
- "AES256"
- AES256
- "KMS"
- KMS
- "KMS_DSSE"
- KMS_DSSE
RepositoryImageScanningConfiguration, RepositoryImageScanningConfigurationArgs
- Scan
On boolPush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
- Scan
On boolPush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
- scan
On BooleanPush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
- scan
On booleanPush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
- scan_
on_ boolpush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
- scan
On BooleanPush - The setting that determines whether images are scanned after being pushed to a repository. If set to
true
, images will be scanned after being pushed. If this parameter is not specified, it will default tofalse
and images will not be scanned unless a scan is manually started.
RepositoryImageTagMutability, RepositoryImageTagMutabilityArgs
- Mutable
- MUTABLE
- Immutable
- IMMUTABLE
- Repository
Image Tag Mutability Mutable - MUTABLE
- Repository
Image Tag Mutability Immutable - IMMUTABLE
- Mutable
- MUTABLE
- Immutable
- IMMUTABLE
- Mutable
- MUTABLE
- Immutable
- IMMUTABLE
- MUTABLE
- MUTABLE
- IMMUTABLE
- IMMUTABLE
- "MUTABLE"
- MUTABLE
- "IMMUTABLE"
- IMMUTABLE
RepositoryLifecyclePolicy, RepositoryLifecyclePolicyArgs
- Lifecycle
Policy stringText - The JSON repository policy text to apply to the repository.
- Registry
Id string - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
- Lifecycle
Policy stringText - The JSON repository policy text to apply to the repository.
- Registry
Id string - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
- lifecycle
Policy StringText - The JSON repository policy text to apply to the repository.
- registry
Id String - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
- lifecycle
Policy stringText - The JSON repository policy text to apply to the repository.
- registry
Id string - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
- lifecycle_
policy_ strtext - The JSON repository policy text to apply to the repository.
- registry_
id str - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
- lifecycle
Policy StringText - The JSON repository policy text to apply to the repository.
- registry
Id String - The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.