1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. ecr

Module ecr

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource LifecyclePolicy

class LifecyclePolicy extends CustomResource

Manages an ECR repository lifecycle policy.

NOTE: Only one aws.ecr.LifecyclePolicy resource can be used with the same ECR repository. To apply multiple rules, they must be combined in the policy JSON.

NOTE: The AWS ECR API seems to reorder rules based on rulePriority. If you define multiple rules that are not sorted in ascending rulePriority order in the this provider code, the resource will be flagged for recreation every deployment.

Example Usage

Policy on untagged image
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ecr.Repository("foo", {});
const foopolicy = new aws.ecr.LifecyclePolicy("foopolicy", {
    policy: `{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Expire images older than 14 days",
            "selection": {
                "tagStatus": "untagged",
                "countType": "sinceImagePushed",
                "countUnit": "days",
                "countNumber": 14
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}
`,
    repository: foo.name,
});
Policy on tagged image
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ecr.Repository("foo", {});
const foopolicy = new aws.ecr.LifecyclePolicy("foopolicy", {
    policy: `{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Keep last 30 images",
            "selection": {
                "tagStatus": "tagged",
                "tagPrefixList": ["v"],
                "countType": "imageCountMoreThan",
                "countNumber": 30
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}
`,
    repository: foo.name,
});

constructor

new LifecyclePolicy(name: string, args: LifecyclePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a LifecyclePolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LifecyclePolicyState, opts?: pulumi.CustomResourceOptions): LifecyclePolicy

Get an existing LifecyclePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LifecyclePolicy

Returns true if the given object is an instance of LifecyclePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

property registryId

public registryId: pulumi.Output<string>;

The registry ID where the repository was created.

property repository

public repository: pulumi.Output<string>;

Name of the repository to apply the policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Repository

class Repository extends CustomResource

Provides an Elastic Container Registry Repository.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ecr.Repository("foo", {
    imageScanningConfiguration: {
        scanOnPush: true,
    },
    imageTagMutability: "MUTABLE",
});

constructor

new Repository(name: string, args?: RepositoryArgs, opts?: pulumi.CustomResourceOptions)

Create a Repository resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RepositoryState, opts?: pulumi.CustomResourceOptions): Repository

Get an existing Repository resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Repository

Returns true if the given object is an instance of Repository. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Full ARN of the repository.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageScanningConfiguration

public imageScanningConfiguration: pulumi.Output<RepositoryImageScanningConfiguration | undefined>;

Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

property imageTagMutability

public imageTagMutability: pulumi.Output<string | undefined>;

The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

property name

public name: pulumi.Output<string>;

Name of the repository.

property registryId

public registryId: pulumi.Output<string>;

The registry ID where the repository was created.

property repositoryUrl

public repositoryUrl: pulumi.Output<string>;

The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RepositoryPolicy

class RepositoryPolicy extends CustomResource

Provides an Elastic Container Registry Repository Policy.

Note that currently only one policy may be applied to a repository.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ecr.Repository("foo", {});
const foopolicy = new aws.ecr.RepositoryPolicy("foopolicy", {
    policy: `{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "new policy",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:DescribeRepositories",
                "ecr:GetRepositoryPolicy",
                "ecr:ListImages",
                "ecr:DeleteRepository",
                "ecr:BatchDeleteImage",
                "ecr:SetRepositoryPolicy",
                "ecr:DeleteRepositoryPolicy"
            ]
        }
    ]
}
`,
    repository: foo.name,
});

constructor

new RepositoryPolicy(name: string, args: RepositoryPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a RepositoryPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RepositoryPolicyState, opts?: pulumi.CustomResourceOptions): RepositoryPolicy

Get an existing RepositoryPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RepositoryPolicy

Returns true if the given object is an instance of RepositoryPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string.

property registryId

public registryId: pulumi.Output<string>;

The registry ID where the repository was created.

property repository

public repository: pulumi.Output<string>;

Name of the repository to apply the policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getCredentials

getCredentials(args: GetCredentialsArgs, opts?: pulumi.InvokeOptions): Promise<GetCredentialsResult>

Function getImage

getImage(args: GetImageArgs, opts?: pulumi.InvokeOptions): Promise<GetImageResult>

The ECR Image data source allows the details of an image with a particular tag or digest to be retrieved.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const serviceImage = pulumi.output(aws.ecr.getImage({
    imageTag: "latest",
    repositoryName: "my/service",
}, { async: true }));

Function getRepository

getRepository(args: GetRepositoryArgs, opts?: pulumi.InvokeOptions): Promise<GetRepositoryResult>

The ECR Repository data source allows the ARN, Repository URI and Registry ID to be retrieved for an ECR repository.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const service = pulumi.output(aws.ecr.getRepository({
    name: "ecr-repository",
}, { async: true }));

Others

interface Action

interface Action

property type

type: Input<"expire">;

The specified action type - the only supported value is expire.

interface GetCredentialsArgs

interface GetCredentialsArgs

A collection of arguments for invoking getCredentials.

property registryId

registryId: string;

interface GetCredentialsResult

interface GetCredentialsResult

A collection of values returned by getCredentials.

property authorizationToken

authorizationToken: string;

property expiresAt

expiresAt: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property proxyEndpoint

proxyEndpoint: string;

property registryId

registryId: string;

interface GetImageArgs

interface GetImageArgs

A collection of arguments for invoking getImage.

property imageDigest

imageDigest?: undefined | string;

The sha256 digest of the image manifest. At least one of imageDigest or imageTag must be specified.

property imageTag

imageTag?: undefined | string;

The tag associated with this image. At least one of imageDigest or imageTag must be specified.

property registryId

registryId?: undefined | string;

The ID of the Registry where the repository resides.

property repositoryName

repositoryName: string;

The name of the ECR Repository.

interface GetImageResult

interface GetImageResult

A collection of values returned by getImage.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property imageDigest

imageDigest: string;

property imagePushedAt

imagePushedAt: number;

The date and time, expressed as a unix timestamp, at which the current image was pushed to the repository.

property imageSizeInBytes

imageSizeInBytes: number;

The size, in bytes, of the image in the repository.

property imageTag

imageTag?: undefined | string;

property imageTags

imageTags: string[];

The list of tags associated with this image.

property registryId

registryId: string;

property repositoryName

repositoryName: string;

interface GetRepositoryArgs

interface GetRepositoryArgs

A collection of arguments for invoking getRepository.

property name

name: string;

The name of the ECR Repository.

property tags

tags?: undefined | {[key: string]: any};

A map of tags assigned to the resource.

interface GetRepositoryResult

interface GetRepositoryResult

A collection of values returned by getRepository.

property arn

arn: string;

Full ARN of the repository.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

property registryId

registryId: string;

The registry ID where the repository was created.

property repositoryUrl

repositoryUrl: string;

The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

property tags

tags: {[key: string]: any};

A map of tags assigned to the resource.

interface LifecyclePolicyArgs

interface LifecyclePolicyArgs

The set of arguments for constructing a LifecyclePolicy resource.

property policy

policy: pulumi.Input<string | LifecyclePolicyDocument>;

The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

property repository

repository: pulumi.Input<string>;

Name of the repository to apply the policy.

interface LifecyclePolicyDocument

interface LifecyclePolicyDocument

Amazon ECR lifecycle policies enable you to specify the lifecycle management of images in a repository. A lifecycle policy is a set of one or more rules, where each rule defines an action for Amazon ECR. The actions apply to images that contain tags prefixed with the given strings. This allows the automation of cleaning up unused images, for example expiring images based on age or count. You should expect that after creating a lifecycle policy the affected images are expired within 24 hours.

For more details about ECR lifecycle policies, please refer to the AWS documentation online: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

property rules

rules: PolicyRule[];

interface LifecyclePolicyState

interface LifecyclePolicyState

Input properties used for looking up and filtering LifecyclePolicy resources.

property policy

policy?: pulumi.Input<string | LifecyclePolicyDocument>;

The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

property registryId

registryId?: pulumi.Input<string>;

The registry ID where the repository was created.

property repository

repository?: pulumi.Input<string>;

Name of the repository to apply the policy.

interface PolicyRule

interface PolicyRule

property action

action: Action;

The action to perform when selection criteria is met.

property description

description?: Input<string>;

An optional description for the rule.

property rulePriority

rulePriority: Input<number>;

Indicate the Rule Priority - each rule must have a different priority.

property selection

selection: Selection;

The selection criteria for the rule.

interface RepositoryArgs

interface RepositoryArgs

The set of arguments for constructing a Repository resource.

property imageScanningConfiguration

imageScanningConfiguration?: pulumi.Input<RepositoryImageScanningConfiguration>;

Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

property imageTagMutability

imageTagMutability?: pulumi.Input<string>;

The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

property name

name?: pulumi.Input<string>;

Name of the repository.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface RepositoryPolicyArgs

interface RepositoryPolicyArgs

The set of arguments for constructing a RepositoryPolicy resource.

property policy

policy: pulumi.Input<string | PolicyDocument>;

The policy document. This is a JSON formatted string.

property repository

repository: pulumi.Input<string>;

Name of the repository to apply the policy.

interface RepositoryPolicyState

interface RepositoryPolicyState

Input properties used for looking up and filtering RepositoryPolicy resources.

property policy

policy?: pulumi.Input<string | PolicyDocument>;

The policy document. This is a JSON formatted string.

property registryId

registryId?: pulumi.Input<string>;

The registry ID where the repository was created.

property repository

repository?: pulumi.Input<string>;

Name of the repository to apply the policy.

interface RepositoryState

interface RepositoryState

Input properties used for looking up and filtering Repository resources.

property arn

arn?: pulumi.Input<string>;

Full ARN of the repository.

property imageScanningConfiguration

imageScanningConfiguration?: pulumi.Input<RepositoryImageScanningConfiguration>;

Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

property imageTagMutability

imageTagMutability?: pulumi.Input<string>;

The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

property name

name?: pulumi.Input<string>;

Name of the repository.

property registryId

registryId?: pulumi.Input<string>;

The registry ID where the repository was created.

property repositoryUrl

repositoryUrl?: pulumi.Input<string>;

The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface Selection

interface Selection

Selection is the selection criteria for the rule and is the mart part of the policy.

property countNumber

countNumber: Input<number>;

The maximum number of images or the max age for which to apply the image selection.

property countType

countType: Input<"imageCountMoreThan" | "sinceImagePushed">;

Indicate whether to evaluate the rule based on imageCountMoreThan or sinceImagePushed.

property countUnit

countUnit?: Input<string>;

The unit of time e.g. days for which to apply the selection.

property tagPrefixList

tagPrefixList?: Input<string> | Input<string>[];

Specify one or more image tag prefixes for selection.

property tagStatus

tagStatus: Input<"tagged" | "untagged" | "any">;

Indicate whether to select tagged, untagged or any images in the repository.