1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. ecr
  5. Repository

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.ecr.Repository

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    The AWS::ECR::Repository resource specifies an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see Amazon ECR private repositories in the Amazon ECR User Guide.

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var lifecyclePolicyText = config.Require("lifecyclePolicyText");
        var repositoryName = config.Require("repositoryName");
        var registryId = config.Require("registryId");
        var myRepository = new AwsNative.Ecr.Repository("myRepository", new()
        {
            LifecyclePolicy = new AwsNative.Ecr.Inputs.RepositoryLifecyclePolicyArgs
            {
                LifecyclePolicyText = lifecyclePolicyText,
                RegistryId = registryId,
            },
            RepositoryName = repositoryName,
        });
    
        return new Dictionary<string, object?>
        {
            ["arn"] = myRepository.Arn,
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ecr"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		lifecyclePolicyText := cfg.Require("lifecyclePolicyText")
    		repositoryName := cfg.Require("repositoryName")
    		registryId := cfg.Require("registryId")
    		myRepository, err := ecr.NewRepository(ctx, "myRepository", &ecr.RepositoryArgs{
    			LifecyclePolicy: &ecr.RepositoryLifecyclePolicyArgs{
    				LifecyclePolicyText: pulumi.String(lifecyclePolicyText),
    				RegistryId:          pulumi.String(registryId),
    			},
    			RepositoryName: pulumi.String(repositoryName),
    		})
    		if err != nil {
    			return err
    		}
    		ctx.Export("arn", myRepository.Arn)
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    config = pulumi.Config()
    lifecycle_policy_text = config.require("lifecyclePolicyText")
    repository_name = config.require("repositoryName")
    registry_id = config.require("registryId")
    my_repository = aws_native.ecr.Repository("myRepository",
        lifecycle_policy={
            "lifecycle_policy_text": lifecycle_policy_text,
            "registry_id": registry_id,
        },
        repository_name=repository_name)
    pulumi.export("arn", my_repository.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const config = new pulumi.Config();
    const lifecyclePolicyText = config.require("lifecyclePolicyText");
    const repositoryName = config.require("repositoryName");
    const registryId = config.require("registryId");
    const myRepository = new aws_native.ecr.Repository("myRepository", {
        lifecyclePolicy: {
            lifecyclePolicyText: lifecyclePolicyText,
            registryId: registryId,
        },
        repositoryName: repositoryName,
    });
    export const arn = myRepository.arn;
    

    Coming soon!

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var lifecyclePolicyText = config.Require("lifecyclePolicyText");
        var repositoryName = config.Require("repositoryName");
        var registryId = config.Require("registryId");
        var myRepository = new AwsNative.Ecr.Repository("myRepository", new()
        {
            LifecyclePolicy = new AwsNative.Ecr.Inputs.RepositoryLifecyclePolicyArgs
            {
                LifecyclePolicyText = lifecyclePolicyText,
                RegistryId = registryId,
            },
            RepositoryName = repositoryName,
        });
    
        return new Dictionary<string, object?>
        {
            ["arn"] = myRepository.Arn,
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ecr"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		lifecyclePolicyText := cfg.Require("lifecyclePolicyText")
    		repositoryName := cfg.Require("repositoryName")
    		registryId := cfg.Require("registryId")
    		myRepository, err := ecr.NewRepository(ctx, "myRepository", &ecr.RepositoryArgs{
    			LifecyclePolicy: &ecr.RepositoryLifecyclePolicyArgs{
    				LifecyclePolicyText: pulumi.String(lifecyclePolicyText),
    				RegistryId:          pulumi.String(registryId),
    			},
    			RepositoryName: pulumi.String(repositoryName),
    		})
    		if err != nil {
    			return err
    		}
    		ctx.Export("arn", myRepository.Arn)
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    config = pulumi.Config()
    lifecycle_policy_text = config.require("lifecyclePolicyText")
    repository_name = config.require("repositoryName")
    registry_id = config.require("registryId")
    my_repository = aws_native.ecr.Repository("myRepository",
        lifecycle_policy={
            "lifecycle_policy_text": lifecycle_policy_text,
            "registry_id": registry_id,
        },
        repository_name=repository_name)
    pulumi.export("arn", my_repository.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const config = new pulumi.Config();
    const lifecyclePolicyText = config.require("lifecyclePolicyText");
    const repositoryName = config.require("repositoryName");
    const registryId = config.require("registryId");
    const myRepository = new aws_native.ecr.Repository("myRepository", {
        lifecyclePolicy: {
            lifecyclePolicyText: lifecyclePolicyText,
            registryId: registryId,
        },
        repositoryName: repositoryName,
    });
    export const arn = myRepository.arn;
    

    Coming soon!

    Create Repository Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Repository(name: string, args?: RepositoryArgs, opts?: CustomResourceOptions);
    @overload
    def Repository(resource_name: str,
                   args: Optional[RepositoryArgs] = None,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def Repository(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   empty_on_delete: Optional[bool] = None,
                   encryption_configuration: Optional[RepositoryEncryptionConfigurationArgs] = None,
                   image_scanning_configuration: Optional[RepositoryImageScanningConfigurationArgs] = None,
                   image_tag_mutability: Optional[RepositoryImageTagMutability] = None,
                   lifecycle_policy: Optional[RepositoryLifecyclePolicyArgs] = None,
                   repository_name: Optional[str] = None,
                   repository_policy_text: Optional[Any] = None,
                   tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
    func NewRepository(ctx *Context, name string, args *RepositoryArgs, opts ...ResourceOption) (*Repository, error)
    public Repository(string name, RepositoryArgs? args = null, CustomResourceOptions? opts = null)
    public Repository(String name, RepositoryArgs args)
    public Repository(String name, RepositoryArgs args, CustomResourceOptions options)
    
    type: aws-native:ecr:Repository
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RepositoryArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RepositoryArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RepositoryArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RepositoryArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RepositoryArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Repository Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Repository resource accepts the following input properties:

    EmptyOnDelete bool
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    EncryptionConfiguration Pulumi.AwsNative.Ecr.Inputs.RepositoryEncryptionConfiguration
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    ImageScanningConfiguration Pulumi.AwsNative.Ecr.Inputs.RepositoryImageScanningConfiguration
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    ImageTagMutability Pulumi.AwsNative.Ecr.RepositoryImageTagMutability
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    LifecyclePolicy Pulumi.AwsNative.Ecr.Inputs.RepositoryLifecyclePolicy
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    RepositoryName string
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    RepositoryPolicyText object

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An array of key-value pairs to apply to this resource.
    EmptyOnDelete bool
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    EncryptionConfiguration RepositoryEncryptionConfigurationArgs
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    ImageScanningConfiguration RepositoryImageScanningConfigurationArgs
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    ImageTagMutability RepositoryImageTagMutability
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    LifecyclePolicy RepositoryLifecyclePolicyArgs
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    RepositoryName string
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    RepositoryPolicyText interface{}

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    Tags TagArgs
    An array of key-value pairs to apply to this resource.
    emptyOnDelete Boolean
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    encryptionConfiguration RepositoryEncryptionConfiguration
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    imageScanningConfiguration RepositoryImageScanningConfiguration
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    imageTagMutability RepositoryImageTagMutability
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    lifecyclePolicy RepositoryLifecyclePolicy
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    repositoryName String
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    repositoryPolicyText Object

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    emptyOnDelete boolean
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    encryptionConfiguration RepositoryEncryptionConfiguration
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    imageScanningConfiguration RepositoryImageScanningConfiguration
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    imageTagMutability RepositoryImageTagMutability
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    lifecyclePolicy RepositoryLifecyclePolicy
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    repositoryName string
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    repositoryPolicyText any

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    tags Tag[]
    An array of key-value pairs to apply to this resource.
    empty_on_delete bool
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    encryption_configuration RepositoryEncryptionConfigurationArgs
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    image_scanning_configuration RepositoryImageScanningConfigurationArgs
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    image_tag_mutability RepositoryImageTagMutability
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    lifecycle_policy RepositoryLifecyclePolicyArgs
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    repository_name str
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    repository_policy_text Any

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    tags Sequence[TagArgs]
    An array of key-value pairs to apply to this resource.
    emptyOnDelete Boolean
    If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.
    encryptionConfiguration Property Map
    The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
    imageScanningConfiguration Property Map
    The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
    imageTagMutability "MUTABLE" | "IMMUTABLE"
    The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
    lifecyclePolicy Property Map
    Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle policy template.
    repositoryName String
    The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see Name type. The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
    repositoryPolicyText Any

    The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide.

    Search the CloudFormation User Guide for AWS::ECR::Repository for more information about the expected schema for this property.

    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Repository resource produces the following output properties:

    Arn string
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    Id string
    The provider-assigned unique ID for this managed resource.
    RepositoryUri string
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .
    Arn string
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    Id string
    The provider-assigned unique ID for this managed resource.
    RepositoryUri string
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .
    arn String
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    id String
    The provider-assigned unique ID for this managed resource.
    repositoryUri String
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .
    arn string
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    id string
    The provider-assigned unique ID for this managed resource.
    repositoryUri string
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .
    arn str
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    id str
    The provider-assigned unique ID for this managed resource.
    repository_uri str
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .
    arn String
    Returns the Amazon Resource Name (ARN) for the specified AWS::ECR::Repository resource. For example, arn:aws:ecr: *eu-west-1* : *123456789012* :repository/ *test-repository* .
    id String
    The provider-assigned unique ID for this managed resource.
    repositoryUri String
    Returns the URI for the specified AWS::ECR::Repository resource. For example, *123456789012* .dkr.ecr. *us-west-2* .amazonaws.com/repository .

    Supporting Types

    RepositoryEncryptionConfiguration, RepositoryEncryptionConfigurationArgs

    EncryptionType Pulumi.AwsNative.Ecr.RepositoryEncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    KmsKey string
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
    EncryptionType RepositoryEncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    KmsKey string
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
    encryptionType RepositoryEncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    kmsKey String
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
    encryptionType RepositoryEncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    kmsKey string
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
    encryption_type RepositoryEncryptionType

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    kms_key str
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.
    encryptionType "AES256" | "KMS" | "KMS_DSSE"

    The encryption type to use.

    If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.

    If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the KMS encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.

    If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

    For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide .

    kmsKey String
    If you use the KMS encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used.

    RepositoryEncryptionType, RepositoryEncryptionTypeArgs

    Aes256
    AES256
    Kms
    KMS
    KmsDsse
    KMS_DSSE
    RepositoryEncryptionTypeAes256
    AES256
    RepositoryEncryptionTypeKms
    KMS
    RepositoryEncryptionTypeKmsDsse
    KMS_DSSE
    Aes256
    AES256
    Kms
    KMS
    KmsDsse
    KMS_DSSE
    Aes256
    AES256
    Kms
    KMS
    KmsDsse
    KMS_DSSE
    AES256
    AES256
    KMS
    KMS
    KMS_DSSE
    KMS_DSSE
    "AES256"
    AES256
    "KMS"
    KMS
    "KMS_DSSE"
    KMS_DSSE

    RepositoryImageScanningConfiguration, RepositoryImageScanningConfigurationArgs

    ScanOnPush bool
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.
    ScanOnPush bool
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.
    scanOnPush Boolean
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.
    scanOnPush boolean
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.
    scan_on_push bool
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.
    scanOnPush Boolean
    The setting that determines whether images are scanned after being pushed to a repository. If set to true, images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started.

    RepositoryImageTagMutability, RepositoryImageTagMutabilityArgs

    Mutable
    MUTABLE
    Immutable
    IMMUTABLE
    RepositoryImageTagMutabilityMutable
    MUTABLE
    RepositoryImageTagMutabilityImmutable
    IMMUTABLE
    Mutable
    MUTABLE
    Immutable
    IMMUTABLE
    Mutable
    MUTABLE
    Immutable
    IMMUTABLE
    MUTABLE
    MUTABLE
    IMMUTABLE
    IMMUTABLE
    "MUTABLE"
    MUTABLE
    "IMMUTABLE"
    IMMUTABLE

    RepositoryLifecyclePolicy, RepositoryLifecyclePolicyArgs

    LifecyclePolicyText string
    The JSON repository policy text to apply to the repository.
    RegistryId string
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
    LifecyclePolicyText string
    The JSON repository policy text to apply to the repository.
    RegistryId string
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
    lifecyclePolicyText String
    The JSON repository policy text to apply to the repository.
    registryId String
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
    lifecyclePolicyText string
    The JSON repository policy text to apply to the repository.
    registryId string
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
    lifecycle_policy_text str
    The JSON repository policy text to apply to the repository.
    registry_id str
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
    lifecyclePolicyText String
    The JSON repository policy text to apply to the repository.
    registryId String
    The AWS account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi