Table of Contents
A low-level client representing Amazon EC2 Container Registry (ECR):
import boto3
client = boto3.client('ecr')
These are the available methods:
Check the availability of multiple image layers in a specified registry and repository.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.batch_check_layer_availability(
registryId='string',
repositoryName='string',
layerDigests=[
'string',
]
)
[REQUIRED]
The name of the repository that is associated with the image layers to check.
[REQUIRED]
The digests of the image layers to check.
dict
Response Syntax
{
'layers': [
{
'layerDigest': 'string',
'layerAvailability': 'AVAILABLE'|'UNAVAILABLE',
'layerSize': 123,
'mediaType': 'string'
},
],
'failures': [
{
'layerDigest': 'string',
'failureCode': 'InvalidLayerDigest'|'MissingLayerDigest',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
layers (list) --
A list of image layer objects corresponding to the image layer references in the request.
(dict) --
An object representing an Amazon ECR image layer.
layerDigest (string) --
The sha256 digest of the image layer.
layerAvailability (string) --
The availability status of the image layer.
layerSize (integer) --
The size, in bytes, of the image layer.
mediaType (string) --
The media type of the layer, such as application/vnd.docker.image.rootfs.diff.tar.gzip or application/vnd.oci.image.layer.v1.tar+gzip .
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image layer failure.
layerDigest (string) --
The layer digest associated with the failure.
failureCode (string) --
The failure code associated with the failure.
failureReason (string) --
The reason for the failure.
Deletes a list of specified images within a specified repository. Images are specified with either imageTag or imageDigest .
You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.
You can completely delete an image (and all of its tags) by specifying the image's digest in your request.
See also: AWS API Documentation
Request Syntax
response = client.batch_delete_image(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
]
)
[REQUIRED]
The repository that contains the image to delete.
[REQUIRED]
A list of image ID references that correspond to images to delete. The format of the imageIds reference is imageTag=tag or imageDigest=digest .
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'failures': [
{
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
imageIds (list) --
The image IDs of the deleted images.
(dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image failure.
imageId (dict) --
The image ID associated with the failure.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
failureCode (string) --
The code associated with the failure.
failureReason (string) --
The reason for the failure.
Examples
This example deletes images with the tags precise and trusty in a repository called ubuntu in the default registry for an account.
response = client.batch_delete_image(
imageIds=[
{
'imageTag': 'precise',
},
],
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'failures': [
],
'imageIds': [
{
'imageDigest': 'sha256:examplee6d1e504117a17000003d3753086354a38375961f2e665416ef4b1b2f',
'imageTag': 'precise',
},
],
'ResponseMetadata': {
'...': '...',
},
}
Gets detailed information for specified images within a specified repository. Images are specified with either imageTag or imageDigest .
See also: AWS API Documentation
Request Syntax
response = client.batch_get_image(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
acceptedMediaTypes=[
'string',
]
)
[REQUIRED]
The repository that contains the images to describe.
[REQUIRED]
A list of image ID references that correspond to images to describe. The format of the imageIds reference is imageTag=tag or imageDigest=digest .
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
The accepted media types for the request.
Valid values: application/vnd.docker.distribution.manifest.v1+json | application/vnd.docker.distribution.manifest.v2+json | application/vnd.oci.image.manifest.v1+json
dict
Response Syntax
{
'images': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageManifest': 'string'
},
],
'failures': [
{
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
images (list) --
A list of image objects corresponding to the image references in the request.
(dict) --
An object representing an Amazon ECR image.
registryId (string) --
The AWS account ID associated with the registry containing the image.
repositoryName (string) --
The name of the repository associated with the image.
imageId (dict) --
An object containing the image tag and image digest associated with an image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageManifest (string) --
The image manifest associated with the image.
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image failure.
imageId (dict) --
The image ID associated with the failure.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
failureCode (string) --
The code associated with the failure.
failureReason (string) --
The reason for the failure.
Examples
This example obtains information for an image with a specified image digest ID from the repository named ubuntu in the current account.
response = client.batch_get_image(
imageIds=[
{
'imageTag': 'precise',
},
],
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'failures': [
],
'images': [
{
'imageId': {
'imageDigest': 'sha256:example76bdff6d83a09ba2a818f0d00000063724a9ac3ba5019c56f74ebf42a',
'imageTag': 'precise',
},
'imageManifest': '{\n "schemaVersion": 1,\n "name": "ubuntu",\n "tag": "precise",\n...',
'registryId': '244698725403',
'repositoryName': 'ubuntu',
},
],
'ResponseMetadata': {
'...': '...',
},
}
Check if an operation can be paginated.
Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256 digest of the image layer for data validation purposes.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.complete_layer_upload(
registryId='string',
repositoryName='string',
uploadId='string',
layerDigests=[
'string',
]
)
[REQUIRED]
The name of the repository to associate with the image layer.
[REQUIRED]
The upload ID from a previous InitiateLayerUpload operation to associate with the image layer.
[REQUIRED]
The sha256 digest of the image layer.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'uploadId': 'string',
'layerDigest': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
uploadId (string) --
The upload ID associated with the layer.
layerDigest (string) --
The sha256 digest of the image layer.
Creates an Amazon Elastic Container Registry (Amazon ECR) repository, where users can push and pull Docker images. For more information, see Amazon ECR Repositories in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_repository(
repositoryName='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
imageScanningConfiguration={
'scanOnPush': True|False
}
)
[REQUIRED]
The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app ) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app ).
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was created.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, AWS account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
registryId (string) --
The AWS account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for Docker push or pull operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
Examples
This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account.
response = client.create_repository(
repositoryName='project-a/nginx-web-app',
)
print(response)
Expected Output:
{
'repository': {
'registryId': '012345678901',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app',
'repositoryName': 'project-a/nginx-web-app',
},
'ResponseMetadata': {
'...': '...',
},
}
Deletes the specified lifecycle policy.
See also: AWS API Documentation
Request Syntax
response = client.delete_lifecycle_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'lastEvaluatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
lastEvaluatedAt (datetime) --
The time stamp of the last time that the lifecycle policy was run.
Deletes an existing image repository. If a repository contains images, you must use the force option to delete it.
See also: AWS API Documentation
Request Syntax
response = client.delete_repository(
registryId='string',
repositoryName='string',
force=True|False
)
[REQUIRED]
The name of the repository to delete.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was deleted.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, AWS account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
registryId (string) --
The AWS account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for Docker push or pull operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
Examples
This example force deletes a repository named ubuntu in the default registry for an account. The force parameter is required if the repository contains images.
response = client.delete_repository(
force=True,
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'repository': {
'registryId': '012345678901',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/ubuntu',
'repositoryName': 'ubuntu',
},
'ResponseMetadata': {
'...': '...',
},
}
Deletes the repository policy from a specified repository.
See also: AWS API Documentation
Request Syntax
response = client.delete_repository_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository that is associated with the repository policy to delete.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy that was deleted from the repository.
Examples
This example deletes the policy associated with the repository named ubuntu in the current account.
response = client.delete_repository_policy(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'policyText': '{ ... }',
'registryId': '012345678901',
'repositoryName': 'ubuntu',
'ResponseMetadata': {
'...': '...',
},
}
Describes the image scan findings for the specified image.
See also: AWS API Documentation
Request Syntax
response = client.describe_image_scan_findings(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
nextToken='string',
maxResults=123
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'description': 'string'
},
'imageScanFindings': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findings': [
{
'name': 'string',
'description': 'string',
'uri': 'string',
'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
'attributes': [
{
'key': 'string',
'value': 'string'
},
]
},
],
'findingSeverityCounts': {
'string': 123
}
},
'nextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindings (dict) --
The information contained in the image scan findings.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findings (list) --
The findings from the image scan.
(dict) --
Contains information about an image scan finding.
name (string) --
The name associated with the finding, usually a CVE number.
description (string) --
The description of the finding.
uri (string) --
A link containing additional details about the security vulnerability.
severity (string) --
The finding severity.
attributes (list) --
A collection of attributes of the host from which the finding is generated.
(dict) --
This data type is used in the ImageScanFinding data type.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
nextToken (string) --
The nextToken value to include in a future DescribeImageScanFindings request. When the results of a DescribeImageScanFindings request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Returns metadata about the images in a repository, including image size, image tags, and creation date.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
See also: AWS API Documentation
Request Syntax
response = client.describe_images(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The repository that contains the images to describe.
The list of image IDs for the requested repository.
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
The filter key and value with which to filter your DescribeImages results.
The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED .
dict
Response Syntax
{
'imageDetails': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageDigest': 'string',
'imageTags': [
'string',
],
'imageSizeInBytes': 123,
'imagePushedAt': datetime(2015, 1, 1),
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'description': 'string'
},
'imageScanFindingsSummary': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
}
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
imageDetails (list) --
A list of ImageDetail objects that contain data about the image.
(dict) --
An object that describes an image returned by a DescribeImages operation.
registryId (string) --
The AWS account ID associated with the registry to which this image belongs.
repositoryName (string) --
The name of the repository to which this image belongs.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTags (list) --
The list of tags associated with this image.
imageSizeInBytes (integer) --
The size, in bytes, of the image in the repository.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindingsSummary (dict) --
A summary of the last completed image scan.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
nextToken (string) --
The nextToken value to include in a future DescribeImages request. When the results of a DescribeImages request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Describes image repositories in a registry.
See also: AWS API Documentation
Request Syntax
response = client.describe_repositories(
registryId='string',
repositoryNames=[
'string',
],
nextToken='string',
maxResults=123
)
A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.
The nextToken value returned from a previous paginated DescribeRepositories request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames .
Note
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
dict
Response Syntax
{
'repositories': [
{
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
repositories (list) --
A list of repository objects corresponding to valid repositories.
(dict) --
An object representing a repository.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, AWS account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
registryId (string) --
The AWS account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for Docker push or pull operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
nextToken (string) --
The nextToken value to include in a future DescribeRepositories request. When the results of a DescribeRepositories request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Examples
The following example obtains a list and description of all repositories in the default registry to which the current user has access.
response = client.describe_repositories(
)
print(response)
Expected Output:
{
'repositories': [
{
'registryId': '012345678910',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678910:repository/ubuntu',
'repositoryName': 'ubuntu',
},
{
'registryId': '012345678910',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678910:repository/test',
'repositoryName': 'test',
},
],
'ResponseMetadata': {
'...': '...',
},
}
Generate a presigned url given a client, its method, and arguments
The presigned url
Retrieves a token that is valid for a specified registry for 12 hours. This command allows you to use the docker CLI to push and pull images with Amazon ECR. If you do not specify a registry, the default registry is assumed.
The authorizationToken returned for each registry specified is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The AWS CLI offers an aws ecr get-login command that simplifies the login process.
See also: AWS API Documentation
Request Syntax
response = client.get_authorization_token(
registryIds=[
'string',
]
)
A list of AWS account IDs that are associated with the registries for which to get authorization tokens. If you do not specify a registry, the default registry is assumed.
{
'authorizationData': [
{
'authorizationToken': 'string',
'expiresAt': datetime(2015, 1, 1),
'proxyEndpoint': 'string'
},
]
}
Response Structure
A list of authorization token data objects that correspond to the registryIds values in the request.
An object representing authorization data for an Amazon ECR registry.
A base64-encoded string that contains authorization data for the specified Amazon ECR registry. When the string is decoded, it is presented in the format user:password for private registry authentication using docker login .
The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.
The registry URL to use for this authorization token in a docker login command. The Amazon ECR registry URL format is https://aws_account_id.dkr.ecr.region.amazonaws.com . For example, https://012345678910.dkr.ecr.us-east-1.amazonaws.com ..
Examples
This example gets an authorization token for your default registry.
response = client.get_authorization_token(
)
print(response)
Expected Output:
{
'authorizationData': [
{
'authorizationToken': 'QVdTOkN...',
'expiresAt': datetime(2016, 8, 11, 21, 44, 52, 3, 224, 0),
'proxyEndpoint': 'https://012345678901.dkr.ecr.us-west-2.amazonaws.com',
},
],
'ResponseMetadata': {
'...': '...',
},
}
Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.get_download_url_for_layer(
registryId='string',
repositoryName='string',
layerDigest='string'
)
[REQUIRED]
The name of the repository that is associated with the image layer to download.
[REQUIRED]
The digest of the image layer to download.
dict
Response Syntax
{
'downloadUrl': 'string',
'layerDigest': 'string'
}
Response Structure
(dict) --
downloadUrl (string) --
The pre-signed Amazon S3 download URL for the requested layer.
layerDigest (string) --
The digest of the image layer to download.
Retrieves the specified lifecycle policy.
See also: AWS API Documentation
Request Syntax
response = client.get_lifecycle_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'lastEvaluatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
lastEvaluatedAt (datetime) --
The time stamp of the last time that the lifecycle policy was run.
Retrieves the results of the specified lifecycle policy preview request.
See also: AWS API Documentation
Request Syntax
response = client.get_lifecycle_policy_preview(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED',
'nextToken': 'string',
'previewResults': [
{
'imageTags': [
'string',
],
'imageDigest': 'string',
'imagePushedAt': datetime(2015, 1, 1),
'action': {
'type': 'EXPIRE'
},
'appliedRulePriority': 123
},
],
'summary': {
'expiringImageTotalCount': 123
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
status (string) --
The status of the lifecycle policy preview request.
nextToken (string) --
The nextToken value to include in a future GetLifecyclePolicyPreview request. When the results of a GetLifecyclePolicyPreview request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
previewResults (list) --
The results of the lifecycle policy preview request.
(dict) --
The result of the lifecycle policy preview.
imageTags (list) --
The list of tags associated with this image.
imageDigest (string) --
The sha256 digest of the image manifest.
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
action (dict) --
The type of action to be taken.
type (string) --
The type of action to be taken.
appliedRulePriority (integer) --
The priority of the applied rule.
summary (dict) --
The list of images that is returned as a result of the action.
expiringImageTotalCount (integer) --
The number of expiring images.
Create a paginator for an operation.
Retrieves the repository policy for a specified repository.
See also: AWS API Documentation
Request Syntax
response = client.get_repository_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository with the policy to retrieve.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy text associated with the repository.
Examples
This example obtains the repository policy for the repository named ubuntu.
response = client.get_repository_policy(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'policyText': '{\n "Version" : "2008-10-17",\n "Statement" : [ {\n "Sid" : "new statement",\n "Effect" : "Allow",\n "Principal" : {\n "AWS" : "arn:aws:iam::012345678901:role/CodeDeployDemo"\n },\n"Action" : [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability" ]\n } ]\n}',
'registryId': '012345678901',
'repositoryName': 'ubuntu',
'ResponseMetadata': {
'...': '...',
},
}
Returns an object that can wait for some condition.
Notify Amazon ECR that you intend to upload an image layer.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.initiate_layer_upload(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository to which you intend to upload layers.
dict
Response Syntax
{
'uploadId': 'string',
'partSize': 123
}
Response Structure
(dict) --
uploadId (string) --
The upload ID for the layer upload. This parameter is passed to further UploadLayerPart and CompleteLayerUpload operations.
partSize (integer) --
The size, in bytes, that Amazon ECR expects future layer part uploads to be.
Lists all the image IDs for a given repository.
You can filter images based on whether or not they are tagged by setting the tagStatus parameter to TAGGED or UNTAGGED . For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.
See also: AWS API Documentation
Request Syntax
response = client.list_images(
registryId='string',
repositoryName='string',
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The repository with image IDs to be listed.
The nextToken value returned from a previous paginated ListImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
Note
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The filter key and value with which to filter your ListImages results.
The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED or UNTAGGED .
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
imageIds (list) --
The list of image IDs for the requested repository.
(dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
nextToken (string) --
The nextToken value to include in a future ListImages request. When the results of a ListImages request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Examples
This example lists all of the images in the repository named ubuntu in the default registry in the current account.
response = client.list_images(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'imageIds': [
{
'imageDigest': 'sha256:764f63476bdff6d83a09ba2a818f0d35757063724a9ac3ba5019c56f74ebf42a',
'imageTag': 'precise',
},
],
'ResponseMetadata': {
'...': '...',
},
}
List the tags for an Amazon ECR resource.
See also: AWS API Documentation
Request Syntax
response = client.list_tags_for_resource(
resourceArn='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.
{
'tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
The tags for the resource.
The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
Creates or updates the image manifest and tags associated with an image.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.put_image(
registryId='string',
repositoryName='string',
imageManifest='string',
imageTag='string'
)
[REQUIRED]
The name of the repository in which to put the image.
[REQUIRED]
The image manifest corresponding to the image to be uploaded.
dict
Response Syntax
{
'image': {
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageManifest': 'string'
}
}
Response Structure
(dict) --
image (dict) --
Details of the image uploaded.
registryId (string) --
The AWS account ID associated with the registry containing the image.
repositoryName (string) --
The name of the repository associated with the image.
imageId (dict) --
An object containing the image tag and image digest associated with an image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageManifest (string) --
The image manifest associated with the image.
Updates the image scanning configuration for a repository.
See also: AWS API Documentation
Request Syntax
response = client.put_image_scanning_configuration(
registryId='string',
repositoryName='string',
imageScanningConfiguration={
'scanOnPush': True|False
}
)
[REQUIRED]
The name of the repository in which to update the image scanning configuration setting.
[REQUIRED]
The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageScanningConfiguration (dict) --
The image scanning configuration setting for the repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
Updates the image tag mutability settings for a repository. When a repository is configured with tag immutability, all image tags within the repository will be prevented them from being overwritten. For more information, see Image Tag Mutability in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_image_tag_mutability(
registryId='string',
repositoryName='string',
imageTagMutability='MUTABLE'|'IMMUTABLE'
)
[REQUIRED]
The name of the repository in which to update the image tag mutability settings.
[REQUIRED]
The tag mutability setting for the repository. If MUTABLE is specified, image tags can be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageTagMutability': 'MUTABLE'|'IMMUTABLE'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageTagMutability (string) --
The image tag mutability setting for the repository.
Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see Lifecycle Policy Template .
See also: AWS API Documentation
Request Syntax
response = client.put_lifecycle_policy(
registryId='string',
repositoryName='string',
lifecyclePolicyText='string'
)
[REQUIRED]
The name of the repository to receive the policy.
[REQUIRED]
The JSON repository policy text to apply to the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON repository policy text.
Applies a repository policy on a specified repository to control access permissions. For more information, see Amazon ECR Repository Policies in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.set_repository_policy(
registryId='string',
repositoryName='string',
policyText='string',
force=True|False
)
[REQUIRED]
The name of the repository to receive the policy.
[REQUIRED]
The JSON repository policy text to apply to the repository. For more information, see Amazon ECR Repository Policy Examples in the Amazon Elastic Container Registry User Guide .
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy text applied to the repository.
Starts an image vulnerability scan. An image scan can only be started once per day on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image Scanning in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.start_image_scan(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
}
)
[REQUIRED]
The name of the repository that contains the images to scan.
[REQUIRED]
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'description': 'string'
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
Starts a preview of the specified lifecycle policy. This allows you to see the results before creating the lifecycle policy.
See also: AWS API Documentation
Request Syntax
response = client.start_lifecycle_policy_preview(
registryId='string',
repositoryName='string',
lifecyclePolicyText='string'
)
[REQUIRED]
The name of the repository to be evaluated.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON repository policy text.
status (string) --
The status of the lifecycle policy preview request.
Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.
See also: AWS API Documentation
Request Syntax
response = client.tag_resource(
resourceArn='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.
[REQUIRED]
The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
dict
Response Syntax
{}
Response Structure
Deletes specified tags from a resource.
See also: AWS API Documentation
Request Syntax
response = client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
[REQUIRED]
The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.
[REQUIRED]
The keys of the tags to be removed.
dict
Response Syntax
{}
Response Structure
Uploads an image layer part to Amazon ECR.
Note
This operation is used by the Amazon ECR proxy, and it is not intended for general use by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.upload_layer_part(
registryId='string',
repositoryName='string',
uploadId='string',
partFirstByte=123,
partLastByte=123,
layerPartBlob=b'bytes'
)
[REQUIRED]
The name of the repository to which you are uploading layer parts.
[REQUIRED]
The upload ID from a previous InitiateLayerUpload operation to associate with the layer part upload.
[REQUIRED]
The integer value of the first byte of the layer part.
[REQUIRED]
The integer value of the last byte of the layer part.
[REQUIRED]
The base64-encoded layer part payload.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'uploadId': 'string',
'lastByteReceived': 123
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
uploadId (string) --
The upload ID associated with the request.
lastByteReceived (integer) --
The integer value of the last byte received in the request.
The available paginators are:
paginator = client.get_paginator('describe_image_scan_findings')
Creates an iterator that will paginate through responses from ECR.Client.describe_image_scan_findings().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'description': 'string'
},
'imageScanFindings': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findings': [
{
'name': 'string',
'description': 'string',
'uri': 'string',
'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
'attributes': [
{
'key': 'string',
'value': 'string'
},
]
},
],
'findingSeverityCounts': {
'string': 123
}
},
'NextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindings (dict) --
The information contained in the image scan findings.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findings (list) --
The findings from the image scan.
(dict) --
Contains information about an image scan finding.
name (string) --
The name associated with the finding, usually a CVE number.
description (string) --
The description of the finding.
uri (string) --
A link containing additional details about the security vulnerability.
severity (string) --
The finding severity.
attributes (list) --
A collection of attributes of the host from which the finding is generated.
(dict) --
This data type is used in the ImageScanFinding data type.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('describe_images')
Creates an iterator that will paginate through responses from ECR.Client.describe_images().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository that contains the images to describe.
The list of image IDs for the requested repository.
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
The filter key and value with which to filter your DescribeImages results.
The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'imageDetails': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageDigest': 'string',
'imageTags': [
'string',
],
'imageSizeInBytes': 123,
'imagePushedAt': datetime(2015, 1, 1),
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'description': 'string'
},
'imageScanFindingsSummary': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
imageDetails (list) --
A list of ImageDetail objects that contain data about the image.
(dict) --
An object that describes an image returned by a DescribeImages operation.
registryId (string) --
The AWS account ID associated with the registry to which this image belongs.
repositoryName (string) --
The name of the repository to which this image belongs.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTags (list) --
The list of tags associated with this image.
imageSizeInBytes (integer) --
The size, in bytes, of the image in the repository.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindingsSummary (dict) --
A summary of the last completed image scan.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('describe_repositories')
Creates an iterator that will paginate through responses from ECR.Client.describe_repositories().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryNames=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'repositories': [
{
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
repositories (list) --
A list of repository objects corresponding to valid repositories.
(dict) --
An object representing a repository.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr namespace, followed by the region of the repository, AWS account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
registryId (string) --
The AWS account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for Docker push or pull operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true , images will be scanned after being pushed. If this parameter is not specified, it will default to false and images will not be scanned unless a scan is manually started with the StartImageScan API.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('get_lifecycle_policy_preview')
Creates an iterator that will paginate through responses from ECR.Client.get_lifecycle_policy_preview().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED',
'previewResults': [
{
'imageTags': [
'string',
],
'imageDigest': 'string',
'imagePushedAt': datetime(2015, 1, 1),
'action': {
'type': 'EXPIRE'
},
'appliedRulePriority': 123
},
],
'summary': {
'expiringImageTotalCount': 123
},
'NextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
status (string) --
The status of the lifecycle policy preview request.
previewResults (list) --
The results of the lifecycle policy preview request.
(dict) --
The result of the lifecycle policy preview.
imageTags (list) --
The list of tags associated with this image.
imageDigest (string) --
The sha256 digest of the image manifest.
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
action (dict) --
The type of action to be taken.
type (string) --
The type of action to be taken.
appliedRulePriority (integer) --
The priority of the applied rule.
summary (dict) --
The list of images that is returned as a result of the action.
expiringImageTotalCount (integer) --
The number of expiring images.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_images')
Creates an iterator that will paginate through responses from ECR.Client.list_images().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository with image IDs to be listed.
The filter key and value with which to filter your ListImages results.
The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED or UNTAGGED .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
imageIds (list) --
The list of image IDs for the requested repository.
(dict) --
An object with identifying information for an Amazon ECR image.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
NextToken (string) --
A token to resume pagination.
The available waiters are:
waiter = client.get_waiter('image_scan_complete')
Polls ECR.Client.describe_image_scan_findings() every 5 seconds until a successful state is reached. An error is returned after 60 failed checks.
See also: AWS API Documentation
Request Syntax
waiter.wait(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
nextToken='string',
maxResults=123,
WaiterConfig={
'Delay': 123,
'MaxAttempts': 123
}
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
A dictionary that provides parameters to control waiting behavior.
The amount of time in seconds to wait between attempts. Default: 5
The maximum number of attempts to be made. Default: 60
None
waiter = client.get_waiter('lifecycle_policy_preview_complete')
Polls ECR.Client.get_lifecycle_policy_preview() every 5 seconds until a successful state is reached. An error is returned after 20 failed checks.
See also: AWS API Documentation
Request Syntax
waiter.wait(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
WaiterConfig={
'Delay': 123,
'MaxAttempts': 123
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an Amazon ECR image.
The sha256 digest of the image manifest.
The tag used for the image.
An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
A dictionary that provides parameters to control waiting behavior.
The amount of time in seconds to wait between attempts. Default: 5
The maximum number of attempts to be made. Default: 20
None