This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

ecr

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.ecr.AwaitableGetAuthorizationTokenResult(authorization_token=None, expires_at=None, id=None, password=None, proxy_endpoint=None, registry_id=None, user_name=None)
class pulumi_aws.ecr.AwaitableGetCredentialsResult(authorization_token=None, expires_at=None, id=None, proxy_endpoint=None, registry_id=None)
class pulumi_aws.ecr.AwaitableGetImageResult(id=None, image_digest=None, image_pushed_at=None, image_size_in_bytes=None, image_tag=None, image_tags=None, registry_id=None, repository_name=None)
class pulumi_aws.ecr.AwaitableGetRepositoryResult(arn=None, id=None, name=None, registry_id=None, repository_url=None, tags=None)
class pulumi_aws.ecr.GetAuthorizationTokenResult(authorization_token=None, expires_at=None, id=None, password=None, proxy_endpoint=None, registry_id=None, user_name=None)

A collection of values returned by getAuthorizationToken.

authorization_token = None

Temporary IAM authentication credentials to access the ECR repository encoded in base64 in the form of user_name:password.

expires_at = None

The time in UTC RFC3339 format when the authorization token expires.

id = None

The provider-assigned unique ID for this managed resource.

password = None

Password decoded from the authorization token.

proxy_endpoint = None

The registry URL to use in the docker login command.

user_name = None

User name decoded from the authorization token.

class pulumi_aws.ecr.GetCredentialsResult(authorization_token=None, expires_at=None, id=None, proxy_endpoint=None, registry_id=None)

A collection of values returned by getCredentials.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_aws.ecr.GetImageResult(id=None, image_digest=None, image_pushed_at=None, image_size_in_bytes=None, image_tag=None, image_tags=None, registry_id=None, repository_name=None)

A collection of values returned by getImage.

id = None

The provider-assigned unique ID for this managed resource.

image_pushed_at = None

The date and time, expressed as a unix timestamp, at which the current image was pushed to the repository.

image_size_in_bytes = None

The size, in bytes, of the image in the repository.

image_tags = None

The list of tags associated with this image.

class pulumi_aws.ecr.GetRepositoryResult(arn=None, id=None, name=None, registry_id=None, repository_url=None, tags=None)

A collection of values returned by getRepository.

arn = None

Full ARN of the repository.

id = None

The provider-assigned unique ID for this managed resource.

registry_id = None

The registry ID where the repository was created.

repository_url = None

The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

tags = None

A map of tags assigned to the resource.

class pulumi_aws.ecr.LifecyclePolicy(resource_name, opts=None, policy=None, repository=None, __props__=None, __name__=None, __opts__=None)

Manages an ECR repository lifecycle policy.

NOTE: Only one ecr.LifecyclePolicy resource can be used with the same ECR repository. To apply multiple rules, they must be combined in the policy JSON.

NOTE: The AWS ECR API seems to reorder rules based on rulePriority. If you define multiple rules that are not sorted in ascending rulePriority order in the this provider code, the resource will be flagged for recreation every deployment.

import pulumi
import pulumi_aws as aws

foo = aws.ecr.Repository("foo")
foopolicy = aws.ecr.LifecyclePolicy("foopolicy",
    policy="""{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Expire images older than 14 days",
            "selection": {
                "tagStatus": "untagged",
                "countType": "sinceImagePushed",
                "countUnit": "days",
                "countNumber": 14
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}

""",
    repository=foo.name)
import pulumi
import pulumi_aws as aws

foo = aws.ecr.Repository("foo")
foopolicy = aws.ecr.LifecyclePolicy("foopolicy",
    policy="""{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Keep last 30 images",
            "selection": {
                "tagStatus": "tagged",
                "tagPrefixList": ["v"],
                "countType": "imageCountMoreThan",
                "countNumber": 30
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}

""",
    repository=foo.name)
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • policy (pulumi.Input[dict]) – The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

  • repository (pulumi.Input[str]) – Name of the repository to apply the policy.

policy: pulumi.Output[str] = None

The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

registry_id: pulumi.Output[str] = None

The registry ID where the repository was created.

repository: pulumi.Output[str] = None

Name of the repository to apply the policy.

static get(resource_name, id, opts=None, policy=None, registry_id=None, repository=None)

Get an existing LifecyclePolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • policy (pulumi.Input[dict]) –

    The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.

  • registry_id (pulumi.Input[str]) – The registry ID where the repository was created.

  • repository (pulumi.Input[str]) – Name of the repository to apply the policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.ecr.Repository(resource_name, opts=None, image_scanning_configuration=None, image_tag_mutability=None, name=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides an Elastic Container Registry Repository.

import pulumi
import pulumi_aws as aws

foo = aws.ecr.Repository("foo",
    image_scanning_configuration={
        "scanOnPush": True,
    },
    image_tag_mutability="MUTABLE")
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • image_scanning_configuration (pulumi.Input[dict]) – Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

  • image_tag_mutability (pulumi.Input[str]) – The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

  • name (pulumi.Input[str]) – Name of the repository.

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The image_scanning_configuration object supports the following:

  • scanOnPush (pulumi.Input[bool]) - Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false).

arn: pulumi.Output[str] = None

Full ARN of the repository.

image_scanning_configuration: pulumi.Output[dict] = None

Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

  • scanOnPush (bool) - Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false).

image_tag_mutability: pulumi.Output[str] = None

The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

name: pulumi.Output[str] = None

Name of the repository.

registry_id: pulumi.Output[str] = None

The registry ID where the repository was created.

repository_url: pulumi.Output[str] = None

The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

tags: pulumi.Output[dict] = None

A map of tags to assign to the resource.

static get(resource_name, id, opts=None, arn=None, image_scanning_configuration=None, image_tag_mutability=None, name=None, registry_id=None, repository_url=None, tags=None)

Get an existing Repository resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – Full ARN of the repository.

  • image_scanning_configuration (pulumi.Input[dict]) –

    Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.

  • image_tag_mutability (pulumi.Input[str]) – The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.

  • name (pulumi.Input[str]) – Name of the repository.

  • registry_id (pulumi.Input[str]) – The registry ID where the repository was created.

  • repository_url (pulumi.Input[str]) – The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The image_scanning_configuration object supports the following:

  • scanOnPush (pulumi.Input[bool]) - Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false).

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.ecr.RepositoryPolicy(resource_name, opts=None, policy=None, repository=None, __props__=None, __name__=None, __opts__=None)

Provides an Elastic Container Registry Repository Policy.

Note that currently only one policy may be applied to a repository.

import pulumi
import pulumi_aws as aws

foo = aws.ecr.Repository("foo")
foopolicy = aws.ecr.RepositoryPolicy("foopolicy",
    policy="""{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "new policy",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:DescribeRepositories",
                "ecr:GetRepositoryPolicy",
                "ecr:ListImages",
                "ecr:DeleteRepository",
                "ecr:BatchDeleteImage",
                "ecr:SetRepositoryPolicy",
                "ecr:DeleteRepositoryPolicy"
            ]
        }
    ]
}

""",
    repository=foo.name)
Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • policy (pulumi.Input[dict]) – The policy document. This is a JSON formatted string.

  • repository (pulumi.Input[str]) – Name of the repository to apply the policy.

policy: pulumi.Output[str] = None

The policy document. This is a JSON formatted string.

registry_id: pulumi.Output[str] = None

The registry ID where the repository was created.

repository: pulumi.Output[str] = None

Name of the repository to apply the policy.

static get(resource_name, id, opts=None, policy=None, registry_id=None, repository=None)

Get an existing RepositoryPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • policy (pulumi.Input[dict]) – The policy document. This is a JSON formatted string.

  • registry_id (pulumi.Input[str]) – The registry ID where the repository was created.

  • repository (pulumi.Input[str]) – Name of the repository to apply the policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_aws.ecr.get_authorization_token(registry_id=None, opts=None)

The ECR Authorization Token data source allows the authorization token, proxy endpoint, token expiration date, user name and password to be retrieved for an ECR repository.

import pulumi
import pulumi_aws as aws

token = aws.ecr.get_authorization_token()
Parameters

registry_id (str) – AWS account ID of the ECR Repository. If not specified the default account is assumed.

pulumi_aws.ecr.get_credentials(registry_id=None, opts=None)

Use this data source to access information about an existing resource.

pulumi_aws.ecr.get_image(image_digest=None, image_tag=None, registry_id=None, repository_name=None, opts=None)

The ECR Image data source allows the details of an image with a particular tag or digest to be retrieved.

import pulumi
import pulumi_aws as aws

service_image = aws.ecr.get_image(image_tag="latest",
    repository_name="my/service")
Parameters
  • image_digest (str) – The sha256 digest of the image manifest. At least one of image_digest or image_tag must be specified.

  • image_tag (str) – The tag associated with this image. At least one of image_digest or image_tag must be specified.

  • registry_id (str) – The ID of the Registry where the repository resides.

  • repository_name (str) – The name of the ECR Repository.

pulumi_aws.ecr.get_repository(name=None, tags=None, opts=None)

The ECR Repository data source allows the ARN, Repository URI and Registry ID to be retrieved for an ECR repository.

import pulumi
import pulumi_aws as aws

service = aws.ecr.get_repository(name="ecr-repository")
Parameters
  • name (str) – The name of the ECR Repository.

  • tags (dict) – A map of tags assigned to the resource.