lacework 2.0.6, Apr 14 25

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework.IntegrationEcr

Explore with Pulumi AI

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework/terraform-provider-lacework

Import

A Lacework ECR integration can be imported using a INT_GUID, e.g.

$ pulumi import lacework:index/integrationEcr:IntegrationEcr example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5

-> Note: To retrieve the INT_GUID from existing integrations in your account, use the Lacework CLI command lacework container-registry list. To install this tool follow this documentation.

Create IntegrationEcr Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IntegrationEcr(name: string, args: IntegrationEcrArgs, opts?: CustomResourceOptions);

@overload
def IntegrationEcr(resource_name: str,
                   args: IntegrationEcrArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def IntegrationEcr(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   credentials: Optional[IntegrationEcrCredentialsArgs] = None,
                   registry_domain: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   integration_ecr_id: Optional[str] = None,
                   limit_by_labels: Optional[Sequence[IntegrationEcrLimitByLabelArgs]] = None,
                   limit_by_repositories: Optional[Sequence[str]] = None,
                   limit_by_tags: Optional[Sequence[str]] = None,
                   limit_num_imgs: Optional[float] = None,
                   name: Optional[str] = None,
                   non_os_package_support: Optional[bool] = None)

func NewIntegrationEcr(ctx *Context, name string, args IntegrationEcrArgs, opts ...ResourceOption) (*IntegrationEcr, error)

public IntegrationEcr(string name, IntegrationEcrArgs args, CustomResourceOptions? opts = null)

public IntegrationEcr(String name, IntegrationEcrArgs args)
public IntegrationEcr(String name, IntegrationEcrArgs args, CustomResourceOptions options)

type: lacework:IntegrationEcr
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IntegrationEcrArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IntegrationEcrArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IntegrationEcrArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IntegrationEcrArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IntegrationEcrArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var integrationEcrResource = new Lacework.IntegrationEcr("integrationEcrResource", new()
{
    Credentials = new Lacework.Inputs.IntegrationEcrCredentialsArgs
    {
        AccessKeyId = "string",
        ExternalId = "string",
        RoleArn = "string",
        SecretAccessKey = "string",
    },
    RegistryDomain = "string",
    Enabled = false,
    IntegrationEcrId = "string",
    LimitByLabels = new[]
    {
        new Lacework.Inputs.IntegrationEcrLimitByLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    LimitByRepositories = new[]
    {
        "string",
    },
    LimitByTags = new[]
    {
        "string",
    },
    LimitNumImgs = 0,
    Name = "string",
    NonOsPackageSupport = false,
});

example, err := lacework.NewIntegrationEcr(ctx, "integrationEcrResource", &lacework.IntegrationEcrArgs{
	Credentials: &lacework.IntegrationEcrCredentialsArgs{
		AccessKeyId:     pulumi.String("string"),
		ExternalId:      pulumi.String("string"),
		RoleArn:         pulumi.String("string"),
		SecretAccessKey: pulumi.String("string"),
	},
	RegistryDomain:   pulumi.String("string"),
	Enabled:          pulumi.Bool(false),
	IntegrationEcrId: pulumi.String("string"),
	LimitByLabels: lacework.IntegrationEcrLimitByLabelArray{
		&lacework.IntegrationEcrLimitByLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	LimitByRepositories: pulumi.StringArray{
		pulumi.String("string"),
	},
	LimitByTags: pulumi.StringArray{
		pulumi.String("string"),
	},
	LimitNumImgs:        pulumi.Float64(0),
	Name:                pulumi.String("string"),
	NonOsPackageSupport: pulumi.Bool(false),
})

var integrationEcrResource = new IntegrationEcr("integrationEcrResource", IntegrationEcrArgs.builder()
    .credentials(IntegrationEcrCredentialsArgs.builder()
        .accessKeyId("string")
        .externalId("string")
        .roleArn("string")
        .secretAccessKey("string")
        .build())
    .registryDomain("string")
    .enabled(false)
    .integrationEcrId("string")
    .limitByLabels(IntegrationEcrLimitByLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .limitByRepositories("string")
    .limitByTags("string")
    .limitNumImgs(0)
    .name("string")
    .nonOsPackageSupport(false)
    .build());

integration_ecr_resource = lacework.IntegrationEcr("integrationEcrResource",
    credentials={
        "access_key_id": "string",
        "external_id": "string",
        "role_arn": "string",
        "secret_access_key": "string",
    },
    registry_domain="string",
    enabled=False,
    integration_ecr_id="string",
    limit_by_labels=[{
        "key": "string",
        "value": "string",
    }],
    limit_by_repositories=["string"],
    limit_by_tags=["string"],
    limit_num_imgs=0,
    name="string",
    non_os_package_support=False)

const integrationEcrResource = new lacework.IntegrationEcr("integrationEcrResource", {
    credentials: {
        accessKeyId: "string",
        externalId: "string",
        roleArn: "string",
        secretAccessKey: "string",
    },
    registryDomain: "string",
    enabled: false,
    integrationEcrId: "string",
    limitByLabels: [{
        key: "string",
        value: "string",
    }],
    limitByRepositories: ["string"],
    limitByTags: ["string"],
    limitNumImgs: 0,
    name: "string",
    nonOsPackageSupport: false,
});

type: lacework:IntegrationEcr
properties:
    credentials:
        accessKeyId: string
        externalId: string
        roleArn: string
        secretAccessKey: string
    enabled: false
    integrationEcrId: string
    limitByLabels:
        - key: string
          value: string
    limitByRepositories:
        - string
    limitByTags:
        - string
    limitNumImgs: 0
    name: string
    nonOsPackageSupport: false
    registryDomain: string

IntegrationEcr Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IntegrationEcr resource accepts the following input properties:

Credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
RegistryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
Enabled bool: The state of the external integration. Defaults to true.
IntegrationEcrId string
LimitByLabels List<IntegrationEcrLimitByLabel>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
LimitByRepositories List<string>: A list of repositories to assess.
LimitByTags List<string>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
LimitNumImgs double: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
Name string: The ECR integration name.
NonOsPackageSupport bool: Enable program language scanning. Defaults to true.

Credentials IntegrationEcrCredentialsArgs: The credentials needed by the integration. See Credentials below for details.
RegistryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
Enabled bool: The state of the external integration. Defaults to true.
IntegrationEcrId string
LimitByLabels []IntegrationEcrLimitByLabelArgs: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
LimitByRepositories []string: A list of repositories to assess.
LimitByTags []string: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
LimitNumImgs float64: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
Name string: The ECR integration name.
NonOsPackageSupport bool: Enable program language scanning. Defaults to true.

credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
registryDomain String: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
enabled Boolean: The state of the external integration. Defaults to true.
integrationEcrId String
limitByLabels List<IntegrationEcrLimitByLabel>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories List<String>: A list of repositories to assess.
limitByTags List<String>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs Double: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name String: The ECR integration name.
nonOsPackageSupport Boolean: Enable program language scanning. Defaults to true.

credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
registryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
enabled boolean: The state of the external integration. Defaults to true.
integrationEcrId string
limitByLabels IntegrationEcrLimitByLabel[]: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories string[]: A list of repositories to assess.
limitByTags string[]: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs number: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name string: The ECR integration name.
nonOsPackageSupport boolean: Enable program language scanning. Defaults to true.

credentials IntegrationEcrCredentialsArgs: The credentials needed by the integration. See Credentials below for details.
registry_domain str: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
enabled bool: The state of the external integration. Defaults to true.
integration_ecr_id str
limit_by_labels Sequence[IntegrationEcrLimitByLabelArgs]: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limit_by_repositories Sequence[str]: A list of repositories to assess.
limit_by_tags Sequence[str]: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limit_num_imgs float: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name str: The ECR integration name.
non_os_package_support bool: Enable program language scanning. Defaults to true.

credentials Property Map: The credentials needed by the integration. See Credentials below for details.
registryDomain String: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
enabled Boolean: The state of the external integration. Defaults to true.
integrationEcrId String
limitByLabels List<Property Map>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories List<String>: A list of repositories to assess.
limitByTags List<String>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs Number: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name String: The ECR integration name.
nonOsPackageSupport Boolean: Enable program language scanning. Defaults to true.

Outputs

All input properties are implicitly available as output properties. Additionally, the IntegrationEcr resource produces the following output properties:

AwsAuthType string: Authentication method of the ECR integration
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Id string: The provider-assigned unique ID for this managed resource.
IntgGuid string
OrgLevel bool: Whether or not this integration is configured at the Organization level
TypeName string

AwsAuthType string: Authentication method of the ECR integration
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Id string: The provider-assigned unique ID for this managed resource.
IntgGuid string
OrgLevel bool: Whether or not this integration is configured at the Organization level
TypeName string

awsAuthType String: Authentication method of the ECR integration
createdOrUpdatedBy String
createdOrUpdatedTime String
id String: The provider-assigned unique ID for this managed resource.
intgGuid String
orgLevel Boolean: Whether or not this integration is configured at the Organization level
typeName String

awsAuthType string: Authentication method of the ECR integration
createdOrUpdatedBy string
createdOrUpdatedTime string
id string: The provider-assigned unique ID for this managed resource.
intgGuid string
orgLevel boolean: Whether or not this integration is configured at the Organization level
typeName string

aws_auth_type str: Authentication method of the ECR integration
created_or_updated_by str
created_or_updated_time str
id str: The provider-assigned unique ID for this managed resource.
intg_guid str
org_level bool: Whether or not this integration is configured at the Organization level
type_name str

awsAuthType String: Authentication method of the ECR integration
createdOrUpdatedBy String
createdOrUpdatedTime String
id String: The provider-assigned unique ID for this managed resource.
intgGuid String
orgLevel Boolean: Whether or not this integration is configured at the Organization level
typeName String

Look up Existing IntegrationEcr Resource

Get an existing IntegrationEcr resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IntegrationEcrState, opts?: CustomResourceOptions): IntegrationEcr

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aws_auth_type: Optional[str] = None,
        created_or_updated_by: Optional[str] = None,
        created_or_updated_time: Optional[str] = None,
        credentials: Optional[IntegrationEcrCredentialsArgs] = None,
        enabled: Optional[bool] = None,
        integration_ecr_id: Optional[str] = None,
        intg_guid: Optional[str] = None,
        limit_by_labels: Optional[Sequence[IntegrationEcrLimitByLabelArgs]] = None,
        limit_by_repositories: Optional[Sequence[str]] = None,
        limit_by_tags: Optional[Sequence[str]] = None,
        limit_num_imgs: Optional[float] = None,
        name: Optional[str] = None,
        non_os_package_support: Optional[bool] = None,
        org_level: Optional[bool] = None,
        registry_domain: Optional[str] = None,
        type_name: Optional[str] = None) -> IntegrationEcr

func GetIntegrationEcr(ctx *Context, name string, id IDInput, state *IntegrationEcrState, opts ...ResourceOption) (*IntegrationEcr, error)

public static IntegrationEcr Get(string name, Input<string> id, IntegrationEcrState? state, CustomResourceOptions? opts = null)

public static IntegrationEcr get(String name, Output<String> id, IntegrationEcrState state, CustomResourceOptions options)

resources:  _:    type: lacework:IntegrationEcr    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AwsAuthType string: Authentication method of the ECR integration
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
Enabled bool: The state of the external integration. Defaults to true.
IntegrationEcrId string
IntgGuid string
LimitByLabels List<IntegrationEcrLimitByLabel>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
LimitByRepositories List<string>: A list of repositories to assess.
LimitByTags List<string>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
LimitNumImgs double: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
Name string: The ECR integration name.
NonOsPackageSupport bool: Enable program language scanning. Defaults to true.
OrgLevel bool: Whether or not this integration is configured at the Organization level
RegistryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
TypeName string

AwsAuthType string: Authentication method of the ECR integration
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Credentials IntegrationEcrCredentialsArgs: The credentials needed by the integration. See Credentials below for details.
Enabled bool: The state of the external integration. Defaults to true.
IntegrationEcrId string
IntgGuid string
LimitByLabels []IntegrationEcrLimitByLabelArgs: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
LimitByRepositories []string: A list of repositories to assess.
LimitByTags []string: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
LimitNumImgs float64: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
Name string: The ECR integration name.
NonOsPackageSupport bool: Enable program language scanning. Defaults to true.
OrgLevel bool: Whether or not this integration is configured at the Organization level
RegistryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
TypeName string

awsAuthType String: Authentication method of the ECR integration
createdOrUpdatedBy String
createdOrUpdatedTime String
credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
enabled Boolean: The state of the external integration. Defaults to true.
integrationEcrId String
intgGuid String
limitByLabels List<IntegrationEcrLimitByLabel>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories List<String>: A list of repositories to assess.
limitByTags List<String>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs Double: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name String: The ECR integration name.
nonOsPackageSupport Boolean: Enable program language scanning. Defaults to true.
orgLevel Boolean: Whether or not this integration is configured at the Organization level
registryDomain String: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
typeName String

awsAuthType string: Authentication method of the ECR integration
createdOrUpdatedBy string
createdOrUpdatedTime string
credentials IntegrationEcrCredentials: The credentials needed by the integration. See Credentials below for details.
enabled boolean: The state of the external integration. Defaults to true.
integrationEcrId string
intgGuid string
limitByLabels IntegrationEcrLimitByLabel[]: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories string[]: A list of repositories to assess.
limitByTags string[]: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs number: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name string: The ECR integration name.
nonOsPackageSupport boolean: Enable program language scanning. Defaults to true.
orgLevel boolean: Whether or not this integration is configured at the Organization level
registryDomain string: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
typeName string

aws_auth_type str: Authentication method of the ECR integration
created_or_updated_by str
created_or_updated_time str
credentials IntegrationEcrCredentialsArgs: The credentials needed by the integration. See Credentials below for details.
enabled bool: The state of the external integration. Defaults to true.
integration_ecr_id str
intg_guid str
limit_by_labels Sequence[IntegrationEcrLimitByLabelArgs]: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limit_by_repositories Sequence[str]: A list of repositories to assess.
limit_by_tags Sequence[str]: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limit_num_imgs float: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name str: The ECR integration name.
non_os_package_support bool: Enable program language scanning. Defaults to true.
org_level bool: Whether or not this integration is configured at the Organization level
registry_domain str: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
type_name str

awsAuthType String: Authentication method of the ECR integration
createdOrUpdatedBy String
createdOrUpdatedTime String
credentials Property Map: The credentials needed by the integration. See Credentials below for details.
enabled Boolean: The state of the external integration. Defaults to true.
integrationEcrId String
intgGuid String
limitByLabels List<Property Map>: A list of key/value labels to limit the assessment of images. If you specify limit_by_tags and limit_by_label limits, they function as an AND.
limitByRepositories List<String>: A list of repositories to assess.
limitByTags List<String>: A list of image tags to limit the assessment of images with matching tags. If you specify limit_by_tags and limit_by_labels limits, they function as an AND.
limitNumImgs Number: The maximum number of newest container images to assess per repository. Must be one of 5, 10, or 15. Defaults to 5.
name String: The ECR integration name.
nonOsPackageSupport Boolean: Enable program language scanning. Defaults to true.
orgLevel Boolean: Whether or not this integration is configured at the Organization level
registryDomain String: The Amazon Container Registry (ECR) domain in the format YourAWSAccount.dkr.ecr.YourRegion.amazonaws.com, where YourAWSAcount is the AWS account number for the AWS IAM user that has a role with permissions to access the ECR and YourRegion is your AWS region such as us-west-2.
typeName String

Supporting Types

IntegrationEcrCredentials, IntegrationEcrCredentialsArgs

AccessKeyId string

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

ExternalId string

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

RoleArn string

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

SecretAccessKey string

The AWS secret key for the specified AWS access key.

AccessKeyId string

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

ExternalId string

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

RoleArn string

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

SecretAccessKey string

The AWS secret key for the specified AWS access key.

accessKeyId String

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

externalId String

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

roleArn String

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

secretAccessKey String

The AWS secret key for the specified AWS access key.

accessKeyId string

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

externalId string

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

roleArn string

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

secretAccessKey string

The AWS secret key for the specified AWS access key.

access_key_id str

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

external_id str

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

role_arn str

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

secret_access_key str

The AWS secret key for the specified AWS access key.

accessKeyId String

The AWS access key ID for an AWS IAM user that has a role with permissions to access the Amazon Container Registry (ECR).

externalId String

The external ID for the IAM role.

For AWS Access Key-Based Authentication, only both of these arguments are required:

roleArn String

The ARN of the IAM role with permissions to access the Amazon Container Registry (ECR).

secretAccessKey String

The AWS secret key for the specified AWS access key.

IntegrationEcrLimitByLabel, IntegrationEcrLimitByLabelArgs

Key string

The key of the label.

Value string

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

Key string

The key of the label.

Value string

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

key String

The key of the label.

value String

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

key string

The key of the label.

value string

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

key str

The key of the label.

value str

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

key String

The key of the label.

value String

The value of the label.

For example, to limit by the label key with values value and value2, plus the label key1 with value value.

import * as pulumi from "@pulumi/pulumi";

import pulumi

using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

Package Details

Repository: lacework lacework/terraform-provider-lacework
License
Notes: This Pulumi package is based on the lacework Terraform Provider.

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework/terraform-provider-lacework

lacework.IntegrationEcr

On this page

On this page

Import

Create IntegrationEcr Resource

Constructor syntax

Parameters

Constructor example

IntegrationEcr Resource Properties

Inputs

Outputs

Look up Existing IntegrationEcr Resource

Supporting Types

IntegrationEcrCredentials, IntegrationEcrCredentialsArgs

IntegrationEcrLimitByLabel, IntegrationEcrLimitByLabelArgs

Package Details

On this page

On this page