Table of Contents
ECR.
Client
¶A low-level client representing Amazon EC2 Container Registry (ECR)
Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR provides a secure, scalable, and reliable registry for your Docker or Open Container Initiative (OCI) images. Amazon ECR supports private repositories with resource-based permissions using IAM so that specific users or Amazon EC2 instances can access repositories and images.
Amazon ECR has service endpoints in each supported Region. For more information, see Amazon ECR endpoints in the Amazon Web Services General Reference .
import boto3
client = boto3.client('ecr')
These are the available methods:
batch_check_layer_availability()
batch_delete_image()
batch_get_image()
batch_get_repository_scanning_configuration()
can_paginate()
close()
complete_layer_upload()
create_pull_through_cache_rule()
create_repository()
delete_lifecycle_policy()
delete_pull_through_cache_rule()
delete_registry_policy()
delete_repository()
delete_repository_policy()
describe_image_replication_status()
describe_image_scan_findings()
describe_images()
describe_pull_through_cache_rules()
describe_registry()
describe_repositories()
get_authorization_token()
get_download_url_for_layer()
get_lifecycle_policy()
get_lifecycle_policy_preview()
get_paginator()
get_registry_policy()
get_registry_scanning_configuration()
get_repository_policy()
get_waiter()
initiate_layer_upload()
list_images()
list_tags_for_resource()
put_image()
put_image_scanning_configuration()
put_image_tag_mutability()
put_lifecycle_policy()
put_registry_policy()
put_registry_scanning_configuration()
put_replication_configuration()
set_repository_policy()
start_image_scan()
start_lifecycle_policy_preview()
tag_resource()
untag_resource()
upload_layer_part()
batch_check_layer_availability
(**kwargs)¶Checks the availability of one or more image layers in a repository.
When an image is pushed to a repository, each image layer is checked to verify if it has been uploaded before. If it has been uploaded, then the image layer is skipped.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.batch_check_layer_availability(
registryId='string',
repositoryName='string',
layerDigests=[
'string',
]
)
[REQUIRED]
The name of the repository that is associated with the image layers to check.
[REQUIRED]
The digests of the image layers to check.
dict
Response Syntax
{
'layers': [
{
'layerDigest': 'string',
'layerAvailability': 'AVAILABLE'|'UNAVAILABLE',
'layerSize': 123,
'mediaType': 'string'
},
],
'failures': [
{
'layerDigest': 'string',
'failureCode': 'InvalidLayerDigest'|'MissingLayerDigest',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
layers (list) --
A list of image layer objects corresponding to the image layer references in the request.
(dict) --
An object representing an Amazon ECR image layer.
layerDigest (string) --
The sha256
digest of the image layer.
layerAvailability (string) --
The availability status of the image layer.
layerSize (integer) --
The size, in bytes, of the image layer.
mediaType (string) --
The media type of the layer, such as application/vnd.docker.image.rootfs.diff.tar.gzip
or application/vnd.oci.image.layer.v1.tar+gzip
.
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image layer failure.
layerDigest (string) --
The layer digest associated with the failure.
failureCode (string) --
The failure code associated with the failure.
failureReason (string) --
The reason for the failure.
Exceptions
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ServerException
batch_delete_image
(**kwargs)¶Deletes a list of specified images within a repository. Images are specified with either an imageTag
or imageDigest
.
You can remove a tag from an image by specifying the image's tag in your request. When you remove the last tag from an image, the image is deleted from your repository.
You can completely delete an image (and all of its tags) by specifying the image's digest in your request.
See also: AWS API Documentation
Request Syntax
response = client.batch_delete_image(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
]
)
[REQUIRED]
The repository that contains the image to delete.
[REQUIRED]
A list of image ID references that correspond to images to delete. The format of the imageIds
reference is imageTag=tag
or imageDigest=digest
.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'failures': [
{
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag'|'ImageReferencedByManifestList'|'KmsError',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
imageIds (list) --
The image IDs of the deleted images.
(dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image failure.
imageId (dict) --
The image ID associated with the failure.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
failureCode (string) --
The code associated with the failure.
failureReason (string) --
The reason for the failure.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
Examples
This example deletes images with the tags precise and trusty in a repository called ubuntu in the default registry for an account.
response = client.batch_delete_image(
imageIds=[
{
'imageTag': 'precise',
},
],
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'failures': [
],
'imageIds': [
{
'imageDigest': 'sha256:examplee6d1e504117a17000003d3753086354a38375961f2e665416ef4b1b2f',
'imageTag': 'precise',
},
],
'ResponseMetadata': {
'...': '...',
},
}
batch_get_image
(**kwargs)¶Gets detailed information for an image. Images are specified with either an imageTag
or imageDigest
.
When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_image(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
acceptedMediaTypes=[
'string',
]
)
[REQUIRED]
The repository that contains the images to describe.
[REQUIRED]
A list of image ID references that correspond to images to describe. The format of the imageIds
reference is imageTag=tag
or imageDigest=digest
.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
The accepted media types for the request.
Valid values: application/vnd.docker.distribution.manifest.v1+json
| application/vnd.docker.distribution.manifest.v2+json
| application/vnd.oci.image.manifest.v1+json
dict
Response Syntax
{
'images': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageManifest': 'string',
'imageManifestMediaType': 'string'
},
],
'failures': [
{
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'failureCode': 'InvalidImageDigest'|'InvalidImageTag'|'ImageTagDoesNotMatchDigest'|'ImageNotFound'|'MissingDigestAndTag'|'ImageReferencedByManifestList'|'KmsError',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
images (list) --
A list of image objects corresponding to the image references in the request.
(dict) --
An object representing an Amazon ECR image.
registryId (string) --
The Amazon Web Services account ID associated with the registry containing the image.
repositoryName (string) --
The name of the repository associated with the image.
imageId (dict) --
An object containing the image tag and image digest associated with an image.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageManifest (string) --
The image manifest associated with the image.
imageManifestMediaType (string) --
The manifest media type of the image.
failures (list) --
Any failures associated with the call.
(dict) --
An object representing an Amazon ECR image failure.
imageId (dict) --
The image ID associated with the failure.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
failureCode (string) --
The code associated with the failure.
failureReason (string) --
The reason for the failure.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
Examples
This example obtains information for an image with a specified image digest ID from the repository named ubuntu in the current account.
response = client.batch_get_image(
imageIds=[
{
'imageTag': 'precise',
},
],
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'failures': [
],
'images': [
{
'imageId': {
'imageDigest': 'sha256:example76bdff6d83a09ba2a818f0d00000063724a9ac3ba5019c56f74ebf42a',
'imageTag': 'precise',
},
'imageManifest': '{\n "schemaVersion": 1,\n "name": "ubuntu",\n "tag": "precise",\n...',
'registryId': '244698725403',
'repositoryName': 'ubuntu',
},
],
'ResponseMetadata': {
'...': '...',
},
}
batch_get_repository_scanning_configuration
(**kwargs)¶Gets the scanning configuration for one or more repositories.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_repository_scanning_configuration(
repositoryNames=[
'string',
]
)
[REQUIRED]
One or more repository names to get the scanning configuration for.
{
'scanningConfigurations': [
{
'repositoryArn': 'string',
'repositoryName': 'string',
'scanOnPush': True|False,
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'appliedScanFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
],
'failures': [
{
'repositoryName': 'string',
'failureCode': 'REPOSITORY_NOT_FOUND',
'failureReason': 'string'
},
]
}
Response Structure
The scanning configuration for the requested repositories.
The details of the scanning configuration for a repository.
The ARN of the repository.
The name of the repository.
Whether or not scan on push is configured for the repository.
The scan frequency for the repository.
The scan filters applied to the repository.
The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide .
The filter to use when scanning.
The type associated with the filter.
Any failures associated with the call.
The details about any failures associated with the scanning configuration of a repository.
The name of the repository.
The failure code.
The reason for the failure.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ValidationException
can_paginate
(operation_name)¶Check if an operation can be paginated.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.True
if the operation can be paginated,
False
otherwise.close
()¶Closes underlying endpoint connections.
complete_layer_upload
(**kwargs)¶Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a sha256
digest of the image layer for data validation purposes.
When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.complete_layer_upload(
registryId='string',
repositoryName='string',
uploadId='string',
layerDigests=[
'string',
]
)
[REQUIRED]
The name of the repository to associate with the image layer.
[REQUIRED]
The upload ID from a previous InitiateLayerUpload operation to associate with the image layer.
[REQUIRED]
The sha256
digest of the image layer.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'uploadId': 'string',
'layerDigest': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
uploadId (string) --
The upload ID associated with the layer.
layerDigest (string) --
The sha256
digest of the image layer.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.UploadNotFoundException
ECR.Client.exceptions.InvalidLayerException
ECR.Client.exceptions.LayerPartTooSmallException
ECR.Client.exceptions.LayerAlreadyExistsException
ECR.Client.exceptions.EmptyUploadException
ECR.Client.exceptions.KmsException
create_pull_through_cache_rule
(**kwargs)¶Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an external public registry in your Amazon ECR private registry.
See also: AWS API Documentation
Request Syntax
response = client.create_pull_through_cache_rule(
ecrRepositoryPrefix='string',
upstreamRegistryUrl='string',
registryId='string'
)
[REQUIRED]
The repository name prefix to use when caching images from the source registry.
[REQUIRED]
The registry URL of the upstream public registry to use as the source for the pull through cache rule.
dict
Response Syntax
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
}
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time, in JavaScript date format, when the pull through cache rule was created.
registryId (string) --
The registry ID associated with the request.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
ECR.Client.exceptions.PullThroughCacheRuleAlreadyExistsException
ECR.Client.exceptions.UnsupportedUpstreamRegistryException
ECR.Client.exceptions.LimitExceededException
create_repository
(**kwargs)¶Creates a repository. For more information, see Amazon ECR repositories in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_repository(
registryId='string',
repositoryName='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
imageTagMutability='MUTABLE'|'IMMUTABLE',
imageScanningConfiguration={
'scanOnPush': True|False
},
encryptionConfiguration={
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
)
[REQUIRED]
The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app
) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app
).
The metadata that you apply to the repository to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.
A value
acts as a descriptor within a tag category (key).
MUTABLE
will be used which will allow image tags to be overwritten. If IMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was created.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr
namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test
.
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push
and pull
operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.InvalidTagParameterException
ECR.Client.exceptions.TooManyTagsException
ECR.Client.exceptions.RepositoryAlreadyExistsException
ECR.Client.exceptions.LimitExceededException
ECR.Client.exceptions.KmsException
Examples
This example creates a repository called nginx-web-app inside the project-a namespace in the default registry for an account.
response = client.create_repository(
repositoryName='project-a/nginx-web-app',
)
print(response)
Expected Output:
{
'repository': {
'registryId': '012345678901',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/project-a/nginx-web-app',
'repositoryName': 'project-a/nginx-web-app',
},
'ResponseMetadata': {
'...': '...',
},
}
delete_lifecycle_policy
(**kwargs)¶Deletes the lifecycle policy associated with the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.delete_lifecycle_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'lastEvaluatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
lastEvaluatedAt (datetime) --
The time stamp of the last time that the lifecycle policy was run.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.LifecyclePolicyNotFoundException
delete_pull_through_cache_rule
(**kwargs)¶Deletes a pull through cache rule.
See also: AWS API Documentation
Request Syntax
response = client.delete_pull_through_cache_rule(
ecrRepositoryPrefix='string',
registryId='string'
)
[REQUIRED]
The Amazon ECR repository prefix associated with the pull through cache rule to delete.
dict
Response Syntax
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
}
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the request.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The timestamp associated with the pull through cache rule.
registryId (string) --
The registry ID associated with the request.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
ECR.Client.exceptions.PullThroughCacheRuleNotFoundException
delete_registry_policy
()¶Deletes the registry permissions policy.
See also: AWS API Documentation
Request Syntax
response = client.delete_registry_policy()
{
'registryId': 'string',
'policyText': 'string'
}
Response Structure
The registry ID associated with the request.
The contents of the registry permissions policy that was deleted.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RegistryPolicyNotFoundException
ECR.Client.exceptions.ValidationException
delete_repository
(**kwargs)¶Deletes a repository. If the repository contains images, you must either delete all images in the repository or use the force
option to delete the repository.
See also: AWS API Documentation
Request Syntax
response = client.delete_repository(
registryId='string',
repositoryName='string',
force=True|False
)
[REQUIRED]
The name of the repository to delete.
dict
Response Syntax
{
'repository': {
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
}
}
Response Structure
(dict) --
repository (dict) --
The repository that was deleted.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr
namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test
.
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push
and pull
operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.RepositoryNotEmptyException
ECR.Client.exceptions.KmsException
Examples
This example force deletes a repository named ubuntu in the default registry for an account. The force parameter is required if the repository contains images.
response = client.delete_repository(
force=True,
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'repository': {
'registryId': '012345678901',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678901:repository/ubuntu',
'repositoryName': 'ubuntu',
},
'ResponseMetadata': {
'...': '...',
},
}
delete_repository_policy
(**kwargs)¶Deletes the repository policy associated with the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.delete_repository_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository that is associated with the repository policy to delete.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy that was deleted from the repository.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.RepositoryPolicyNotFoundException
Examples
This example deletes the policy associated with the repository named ubuntu in the current account.
response = client.delete_repository_policy(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'policyText': '{ ... }',
'registryId': '012345678901',
'repositoryName': 'ubuntu',
'ResponseMetadata': {
'...': '...',
},
}
describe_image_replication_status
(**kwargs)¶Returns the replication status for a specified image.
See also: AWS API Documentation
Request Syntax
response = client.describe_image_replication_status(
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
registryId='string'
)
[REQUIRED]
The name of the repository that the image is in.
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'replicationStatuses': [
{
'region': 'string',
'registryId': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED',
'failureCode': 'string'
},
]
}
Response Structure
(dict) --
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
replicationStatuses (list) --
The replication status details for the images in the specified repository.
(dict) --
The status of the replication process for an image.
region (string) --
The destination Region for the image replication.
registryId (string) --
The Amazon Web Services account ID associated with the registry to which the image belongs.
status (string) --
The image replication status.
failureCode (string) --
The failure code for a replication that has failed.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ImageNotFoundException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ValidationException
describe_image_scan_findings
(**kwargs)¶Returns the scan findings for the specified image.
See also: AWS API Documentation
Request Syntax
response = client.describe_image_scan_findings(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
nextToken='string',
maxResults=123
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
nextToken
value returned from a previous paginated DescribeImageScanFindings
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null when there are no more results to return.DescribeImageScanFindings
in paginated output. When this parameter is used, DescribeImageScanFindings
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings
returns up to 100 results and a nextToken
value, if applicable.dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindings': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
},
'findings': [
{
'name': 'string',
'description': 'string',
'uri': 'string',
'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
'attributes': [
{
'key': 'string',
'value': 'string'
},
]
},
],
'enhancedFindings': [
{
'awsAccountId': 'string',
'description': 'string',
'findingArn': 'string',
'firstObservedAt': datetime(2015, 1, 1),
'lastObservedAt': datetime(2015, 1, 1),
'packageVulnerabilityDetails': {
'cvss': [
{
'baseScore': 123.0,
'scoringVector': 'string',
'source': 'string',
'version': 'string'
},
],
'referenceUrls': [
'string',
],
'relatedVulnerabilities': [
'string',
],
'source': 'string',
'sourceUrl': 'string',
'vendorCreatedAt': datetime(2015, 1, 1),
'vendorSeverity': 'string',
'vendorUpdatedAt': datetime(2015, 1, 1),
'vulnerabilityId': 'string',
'vulnerablePackages': [
{
'arch': 'string',
'epoch': 123,
'filePath': 'string',
'name': 'string',
'packageManager': 'string',
'release': 'string',
'sourceLayerHash': 'string',
'version': 'string'
},
]
},
'remediation': {
'recommendation': {
'url': 'string',
'text': 'string'
}
},
'resources': [
{
'details': {
'awsEcrContainerImage': {
'architecture': 'string',
'author': 'string',
'imageHash': 'string',
'imageTags': [
'string',
],
'platform': 'string',
'pushedAt': datetime(2015, 1, 1),
'registry': 'string',
'repositoryName': 'string'
}
},
'id': 'string',
'tags': {
'string': 'string'
},
'type': 'string'
},
],
'score': 123.0,
'scoreDetails': {
'cvss': {
'adjustments': [
{
'metric': 'string',
'reason': 'string'
},
],
'score': 123.0,
'scoreSource': 'string',
'scoringVector': 'string',
'version': 'string'
}
},
'severity': 'string',
'status': 'string',
'title': 'string',
'type': 'string',
'updatedAt': datetime(2015, 1, 1)
},
]
},
'nextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindings (dict) --
The information contained in the image scan findings.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
findings (list) --
The findings from the image scan.
(dict) --
Contains information about an image scan finding.
name (string) --
The name associated with the finding, usually a CVE number.
description (string) --
The description of the finding.
uri (string) --
A link containing additional details about the security vulnerability.
severity (string) --
The finding severity.
attributes (list) --
A collection of attributes of the host from which the finding is generated.
(dict) --
This data type is used in the ImageScanFinding data type.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
enhancedFindings (list) --
Details about the enhanced scan findings from Amazon Inspector.
(dict) --
The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.
awsAccountId (string) --
The Amazon Web Services account ID associated with the image.
description (string) --
The description of the finding.
findingArn (string) --
The Amazon Resource Number (ARN) of the finding.
firstObservedAt (datetime) --
The date and time that the finding was first observed.
lastObservedAt (datetime) --
The date and time that the finding was last observed.
packageVulnerabilityDetails (dict) --
An object that contains the details of a package vulnerability finding.
cvss (list) --
An object that contains details about the CVSS score of a finding.
(dict) --
The CVSS score for a finding.
baseScore (float) --
The base CVSS score used for the finding.
scoringVector (string) --
The vector string of the CVSS score.
source (string) --
The source of the CVSS score.
version (string) --
The version of CVSS used for the score.
referenceUrls (list) --
One or more URLs that contain details about this vulnerability type.
relatedVulnerabilities (list) --
One or more vulnerabilities related to the one identified in this finding.
source (string) --
The source of the vulnerability information.
sourceUrl (string) --
A URL to the source of the vulnerability information.
vendorCreatedAt (datetime) --
The date and time that this vulnerability was first added to the vendor's database.
vendorSeverity (string) --
The severity the vendor has given to this vulnerability type.
vendorUpdatedAt (datetime) --
The date and time the vendor last updated this vulnerability in their database.
vulnerabilityId (string) --
The ID given to this vulnerability.
vulnerablePackages (list) --
The packages impacted by this vulnerability.
(dict) --
Information on the vulnerable package identified by a finding.
arch (string) --
The architecture of the vulnerable package.
epoch (integer) --
The epoch of the vulnerable package.
filePath (string) --
The file path of the vulnerable package.
name (string) --
The name of the vulnerable package.
packageManager (string) --
The package manager of the vulnerable package.
release (string) --
The release of the vulnerable package.
sourceLayerHash (string) --
The source layer hash of the vulnerable package.
version (string) --
The version of the vulnerable package.
remediation (dict) --
An object that contains the details about how to remediate a finding.
recommendation (dict) --
An object that contains information about the recommended course of action to remediate the finding.
url (string) --
The URL address to the CVE remediation recommendations.
text (string) --
The recommended course of action to remediate the finding.
resources (list) --
Contains information on the resources involved in a finding.
(dict) --
Details about the resource involved in a finding.
details (dict) --
An object that contains details about the resource involved in a finding.
awsEcrContainerImage (dict) --
An object that contains details about the Amazon ECR container image involved in the finding.
architecture (string) --
The architecture of the Amazon ECR container image.
author (string) --
The image author of the Amazon ECR container image.
imageHash (string) --
The image hash of the Amazon ECR container image.
imageTags (list) --
The image tags attached to the Amazon ECR container image.
platform (string) --
The platform of the Amazon ECR container image.
pushedAt (datetime) --
The date and time the Amazon ECR container image was pushed.
registry (string) --
The registry the Amazon ECR container image belongs to.
repositoryName (string) --
The name of the repository the Amazon ECR container image resides in.
id (string) --
The ID of the resource.
tags (dict) --
The tags attached to the resource.
type (string) --
The type of resource.
score (float) --
The Amazon Inspector score given to the finding.
scoreDetails (dict) --
An object that contains details of the Amazon Inspector score.
cvss (dict) --
An object that contains details about the CVSS score given to a finding.
adjustments (list) --
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
(dict) --
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
metric (string) --
The metric used to adjust the CVSS score.
reason (string) --
The reason the CVSS score has been adjustment.
score (float) --
The CVSS score.
scoreSource (string) --
The source for the CVSS score.
scoringVector (string) --
The vector for the CVSS score.
version (string) --
The CVSS version used in scoring.
severity (string) --
The severity of the finding.
status (string) --
The status of the finding.
title (string) --
The title of the finding.
type (string) --
The type of the finding.
updatedAt (datetime) --
The date and time the finding was last updated at.
nextToken (string) --
The nextToken
value to include in a future DescribeImageScanFindings
request. When the results of a DescribeImageScanFindings
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ImageNotFoundException
ECR.Client.exceptions.ScanNotFoundException
ECR.Client.exceptions.ValidationException
describe_images
(**kwargs)¶Returns metadata about the images in a repository.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images
command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
See also: AWS API Documentation
Request Syntax
response = client.describe_images(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The repository that contains the images to describe.
The list of image IDs for the requested repository.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
nextToken
value returned from a previous paginated DescribeImages
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null
when there are no more results to return. This option cannot be used when you specify images with imageIds
.DescribeImages
in paginated output. When this parameter is used, DescribeImages
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another DescribeImages
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImages
returns up to 100 results and a nextToken
value, if applicable. This option cannot be used when you specify images with imageIds
.The filter key and value with which to filter your DescribeImages
results.
The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED
or UNTAGGED
.
dict
Response Syntax
{
'imageDetails': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageDigest': 'string',
'imageTags': [
'string',
],
'imageSizeInBytes': 123,
'imagePushedAt': datetime(2015, 1, 1),
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindingsSummary': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
}
},
'imageManifestMediaType': 'string',
'artifactMediaType': 'string',
'lastRecordedPullTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
imageDetails (list) --
A list of ImageDetail objects that contain data about the image.
(dict) --
An object that describes an image returned by a DescribeImages operation.
registryId (string) --
The Amazon Web Services account ID associated with the registry to which this image belongs.
repositoryName (string) --
The name of the repository to which this image belongs.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTags (list) --
The list of tags associated with this image.
imageSizeInBytes (integer) --
The size, in bytes, of the image in the repository.
If the image is a manifest list, this will be the max size of all manifests in the list.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images
command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindingsSummary (dict) --
A summary of the last completed image scan.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
imageManifestMediaType (string) --
The media type of the image manifest.
artifactMediaType (string) --
The artifact media type of the image.
lastRecordedPullTime (datetime) --
The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.
Note
Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the lastRecordedPullTime
timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the lastRecordedPullTime
timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.
nextToken (string) --
The nextToken
value to include in a future DescribeImages
request. When the results of a DescribeImages
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null
when there are no more results to return.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ImageNotFoundException
describe_pull_through_cache_rules
(**kwargs)¶Returns the pull through cache rules for a registry.
See also: AWS API Documentation
Request Syntax
response = client.describe_pull_through_cache_rules(
registryId='string',
ecrRepositoryPrefixes=[
'string',
],
nextToken='string',
maxResults=123
)
The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.
nextToken
value returned from a previous paginated DescribePullThroughCacheRulesRequest
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null when there are no more results to return.DescribePullThroughCacheRulesRequest
in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest
returns up to 100 results and a nextToken
value, if applicable.dict
Response Syntax
{
'pullThroughCacheRules': [
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
pullThroughCacheRules (list) --
The details of the pull through cache rules.
(dict) --
The details of a pull through cache rule.
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time the pull through cache was created.
registryId (string) --
The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.
nextToken (string) --
The nextToken
value to include in a future DescribePullThroughCacheRulesRequest
request. When the results of a DescribePullThroughCacheRulesRequest
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
ECR.Client.exceptions.PullThroughCacheRuleNotFoundException
describe_registry
()¶Describes the settings for a registry. The replication configuration for a repository can be created or updated with the PutReplicationConfiguration API action.
See also: AWS API Documentation
Request Syntax
response = client.describe_registry()
{
'registryId': 'string',
'replicationConfiguration': {
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
}
Response Structure
The ID of the registry.
The replication configuration for the registry.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the destination for a replication rule.
An array of objects representing the destination for a replication rule.
The Region to replicate to.
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
The repository filter details. When the PREFIX_MATCH
filter type is specified, this value is required and should be the repository name prefix to configure replication for.
The repository filter type. The only supported value is PREFIX_MATCH
, which is a repository name prefix specified with the filter
parameter.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
describe_repositories
(**kwargs)¶Describes image repositories in a registry.
See also: AWS API Documentation
Request Syntax
response = client.describe_repositories(
registryId='string',
repositoryNames=[
'string',
],
nextToken='string',
maxResults=123
)
A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.
The nextToken
value returned from a previous paginated DescribeRepositories
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null
when there are no more results to return. This option cannot be used when you specify repositories with repositoryNames
.
Note
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
DescribeRepositories
in paginated output. When this parameter is used, DescribeRepositories
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another DescribeRepositories
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then DescribeRepositories
returns up to 100 results and a nextToken
value, if applicable. This option cannot be used when you specify repositories with repositoryNames
.dict
Response Syntax
{
'repositories': [
{
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
repositories (list) --
A list of repository objects corresponding to valid repositories.
(dict) --
An object representing a repository.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr
namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test
.
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push
and pull
operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
nextToken (string) --
The nextToken
value to include in a future DescribeRepositories
request. When the results of a DescribeRepositories
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null
when there are no more results to return.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
Examples
The following example obtains a list and description of all repositories in the default registry to which the current user has access.
response = client.describe_repositories(
)
print(response)
Expected Output:
{
'repositories': [
{
'registryId': '012345678910',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678910:repository/ubuntu',
'repositoryName': 'ubuntu',
},
{
'registryId': '012345678910',
'repositoryArn': 'arn:aws:ecr:us-west-2:012345678910:repository/test',
'repositoryName': 'test',
},
],
'ResponseMetadata': {
'...': '...',
},
}
Retrieves an authorization token. An authorization token represents your IAM authentication credentials and can be used to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours.
The authorizationToken
returned is a base64 encoded string that can be decoded and used in a docker login
command to authenticate to a registry. The CLI offers an get-login-password
command that simplifies the login process. For more information, see Registry authentication in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_authorization_token(
registryIds=[
'string',
]
)
A list of Amazon Web Services account IDs that are associated with the registries for which to get AuthorizationData objects. If you do not specify a registry, the default registry is assumed.
{
'authorizationData': [
{
'authorizationToken': 'string',
'expiresAt': datetime(2015, 1, 1),
'proxyEndpoint': 'string'
},
]
}
Response Structure
A list of authorization token data objects that correspond to the registryIds
values in the request.
An object representing authorization data for an Amazon ECR registry.
A base64-encoded string that contains authorization data for the specified Amazon ECR registry. When the string is decoded, it is presented in the format user:password
for private registry authentication using docker login
.
The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.
The registry URL to use for this authorization token in a docker login
command. The Amazon ECR registry URL format is https://aws_account_id.dkr.ecr.region.amazonaws.com
. For example, https://012345678910.dkr.ecr.us-east-1.amazonaws.com
..
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
get_download_url_for_layer
(**kwargs)¶Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer. You can only get URLs for image layers that are referenced in an image.
When an image is pulled, the GetDownloadUrlForLayer API is called once per image layer that is not already cached.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.get_download_url_for_layer(
registryId='string',
repositoryName='string',
layerDigest='string'
)
[REQUIRED]
The name of the repository that is associated with the image layer to download.
[REQUIRED]
The digest of the image layer to download.
dict
Response Syntax
{
'downloadUrl': 'string',
'layerDigest': 'string'
}
Response Structure
(dict) --
downloadUrl (string) --
The pre-signed Amazon S3 download URL for the requested layer.
layerDigest (string) --
The digest of the image layer to download.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.LayersNotFoundException
ECR.Client.exceptions.LayerInaccessibleException
ECR.Client.exceptions.RepositoryNotFoundException
get_lifecycle_policy
(**kwargs)¶Retrieves the lifecycle policy for the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.get_lifecycle_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'lastEvaluatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
lastEvaluatedAt (datetime) --
The time stamp of the last time that the lifecycle policy was run.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.LifecyclePolicyNotFoundException
get_lifecycle_policy_preview
(**kwargs)¶Retrieves the results of the lifecycle policy preview request for the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.get_lifecycle_policy_preview(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
nextToken
value returned from a previous paginated GetLifecyclePolicyPreviewRequest
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null
when there are no more results to return. This option cannot be used when you specify images with imageIds
.GetLifecyclePolicyPreviewRequest
in paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another GetLifecyclePolicyPreviewRequest
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then GetLifecyclePolicyPreviewRequest
returns up to 100 results and a nextToken
value, if applicable. This option cannot be used when you specify images with imageIds
.An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED',
'nextToken': 'string',
'previewResults': [
{
'imageTags': [
'string',
],
'imageDigest': 'string',
'imagePushedAt': datetime(2015, 1, 1),
'action': {
'type': 'EXPIRE'
},
'appliedRulePriority': 123
},
],
'summary': {
'expiringImageTotalCount': 123
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
status (string) --
The status of the lifecycle policy preview request.
nextToken (string) --
The nextToken
value to include in a future GetLifecyclePolicyPreview
request. When the results of a GetLifecyclePolicyPreview
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null
when there are no more results to return.
previewResults (list) --
The results of the lifecycle policy preview request.
(dict) --
The result of the lifecycle policy preview.
imageTags (list) --
The list of tags associated with this image.
imageDigest (string) --
The sha256
digest of the image manifest.
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
action (dict) --
The type of action to be taken.
type (string) --
The type of action to be taken.
appliedRulePriority (integer) --
The priority of the applied rule.
summary (dict) --
The list of images that is returned as a result of the action.
expiringImageTotalCount (integer) --
The number of expiring images.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.LifecyclePolicyPreviewNotFoundException
get_paginator
(operation_name)¶Create a paginator for an operation.
create_foo
, and you'd normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.client.can_paginate
method to
check if an operation is pageable.get_registry_policy
()¶Retrieves the permissions policy for a registry.
See also: AWS API Documentation
Request Syntax
response = client.get_registry_policy()
{
'registryId': 'string',
'policyText': 'string'
}
Response Structure
The ID of the registry.
The JSON text of the permissions policy for a registry.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RegistryPolicyNotFoundException
ECR.Client.exceptions.ValidationException
get_registry_scanning_configuration
()¶Retrieves the scanning configuration for a registry.
See also: AWS API Documentation
Request Syntax
response = client.get_registry_scanning_configuration()
{
'registryId': 'string',
'scanningConfiguration': {
'scanType': 'BASIC'|'ENHANCED',
'rules': [
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
}
}
Response Structure
The ID of the registry.
The scanning configuration for the registry.
The type of scanning configured for the registry.
The scanning rules associated with the registry.
The details of a scanning rule for a private registry.
The frequency that scans are performed at for a private registry. When the ENHANCED
scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN
and SCAN_ON_PUSH
. When the BASIC
scan type is specified, the SCAN_ON_PUSH
and MANUAL
scan frequencies are supported.
The repository filters associated with the scanning configuration for a private registry.
The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide .
The filter to use when scanning.
The type associated with the filter.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
get_repository_policy
(**kwargs)¶Retrieves the repository policy for the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.get_repository_policy(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository with the policy to retrieve.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy text associated with the repository.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.RepositoryPolicyNotFoundException
Examples
This example obtains the repository policy for the repository named ubuntu.
response = client.get_repository_policy(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'policyText': '{\n "Version" : "2008-10-17",\n "Statement" : [ {\n "Sid" : "new statement",\n "Effect" : "Allow",\n "Principal" : {\n "AWS" : "arn:aws:iam::012345678901:role/CodeDeployDemo"\n },\n"Action" : [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability" ]\n } ]\n}',
'registryId': '012345678901',
'repositoryName': 'ubuntu',
'ResponseMetadata': {
'...': '...',
},
}
get_waiter
(waiter_name)¶Returns an object that can wait for some condition.
initiate_layer_upload
(**kwargs)¶Notifies Amazon ECR that you intend to upload an image layer.
When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.initiate_layer_upload(
registryId='string',
repositoryName='string'
)
[REQUIRED]
The name of the repository to which you intend to upload layers.
dict
Response Syntax
{
'uploadId': 'string',
'partSize': 123
}
Response Structure
(dict) --
uploadId (string) --
The upload ID for the layer upload. This parameter is passed to further UploadLayerPart and CompleteLayerUpload operations.
partSize (integer) --
The size, in bytes, that Amazon ECR expects future layer part uploads to be.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.KmsException
list_images
(**kwargs)¶Lists all the image IDs for the specified repository.
You can filter images based on whether or not they are tagged by using the tagStatus
filter and specifying either TAGGED
, UNTAGGED
or ANY
. For example, you can filter your results to return only UNTAGGED
images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED
images to list all of the tags in your repository.
See also: AWS API Documentation
Request Syntax
response = client.list_images(
registryId='string',
repositoryName='string',
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
[REQUIRED]
The repository with image IDs to be listed.
The nextToken
value returned from a previous paginated ListImages
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null
when there are no more results to return.
Note
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
ListImages
in paginated output. When this parameter is used, ListImages
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another ListImages
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then ListImages
returns up to 100 results and a nextToken
value, if applicable.The filter key and value with which to filter your ListImages
results.
The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED
or UNTAGGED
.
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
imageIds (list) --
The list of image IDs for the requested repository.
(dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
nextToken (string) --
The nextToken
value to include in a future ListImages
request. When the results of a ListImages
request exceed maxResults
, this value can be used to retrieve the next page of results. This value is null
when there are no more results to return.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
Examples
This example lists all of the images in the repository named ubuntu in the default registry in the current account.
response = client.list_images(
repositoryName='ubuntu',
)
print(response)
Expected Output:
{
'imageIds': [
{
'imageDigest': 'sha256:764f63476bdff6d83a09ba2a818f0d35757063724a9ac3ba5019c56f74ebf42a',
'imageTag': 'precise',
},
],
'ResponseMetadata': {
'...': '...',
},
}
List the tags for an Amazon ECR resource.
See also: AWS API Documentation
Request Syntax
response = client.list_tags_for_resource(
resourceArn='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the only supported resource is an Amazon ECR repository.
{
'tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
The tags for the resource.
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.
A value
acts as a descriptor within a tag category (key).
Exceptions
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ServerException
put_image
(**kwargs)¶Creates or updates the image manifest and tags associated with an image.
When an image is pushed and all new image layers have been uploaded, the PutImage API is called once to create or update the image manifest and the tags associated with the image.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.put_image(
registryId='string',
repositoryName='string',
imageManifest='string',
imageManifestMediaType='string',
imageTag='string',
imageDigest='string'
)
[REQUIRED]
The name of the repository in which to put the image.
[REQUIRED]
The image manifest corresponding to the image to be uploaded.
mediaType
field, you must specify the imageManifestMediaType
in the request.dict
Response Syntax
{
'image': {
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageManifest': 'string',
'imageManifestMediaType': 'string'
}
}
Response Structure
(dict) --
image (dict) --
Details of the image uploaded.
registryId (string) --
The Amazon Web Services account ID associated with the registry containing the image.
repositoryName (string) --
The name of the repository associated with the image.
imageId (dict) --
An object containing the image tag and image digest associated with an image.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageManifest (string) --
The image manifest associated with the image.
imageManifestMediaType (string) --
The manifest media type of the image.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ImageAlreadyExistsException
ECR.Client.exceptions.LayersNotFoundException
ECR.Client.exceptions.ReferencedImagesNotFoundException
ECR.Client.exceptions.LimitExceededException
ECR.Client.exceptions.ImageTagAlreadyExistsException
ECR.Client.exceptions.ImageDigestDoesNotMatchException
ECR.Client.exceptions.KmsException
put_image_scanning_configuration
(**kwargs)¶Warning
The PutImageScanningConfiguration
API is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration .
Updates the image scanning configuration for the specified repository.
See also: AWS API Documentation
Request Syntax
response = client.put_image_scanning_configuration(
registryId='string',
repositoryName='string',
imageScanningConfiguration={
'scanOnPush': True|False
}
)
[REQUIRED]
The name of the repository in which to update the image scanning configuration setting.
[REQUIRED]
The image scanning configuration for the repository. This setting determines whether images are scanned for known vulnerabilities after being pushed to the repository.
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageScanningConfiguration': {
'scanOnPush': True|False
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageScanningConfiguration (dict) --
The image scanning configuration setting for the repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ValidationException
put_image_tag_mutability
(**kwargs)¶Updates the image tag mutability settings for the specified repository. For more information, see Image tag mutability in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_image_tag_mutability(
registryId='string',
repositoryName='string',
imageTagMutability='MUTABLE'|'IMMUTABLE'
)
[REQUIRED]
The name of the repository in which to update the image tag mutability settings.
[REQUIRED]
The tag mutability setting for the repository. If MUTABLE
is specified, image tags can be overwritten. If IMMUTABLE
is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageTagMutability': 'MUTABLE'|'IMMUTABLE'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageTagMutability (string) --
The image tag mutability setting for the repository.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
put_lifecycle_policy
(**kwargs)¶Creates or updates the lifecycle policy for the specified repository. For more information, see Lifecycle policy template .
See also: AWS API Documentation
Request Syntax
response = client.put_lifecycle_policy(
registryId='string',
repositoryName='string',
lifecyclePolicyText='string'
)
[REQUIRED]
The name of the repository to receive the policy.
[REQUIRED]
The JSON repository policy text to apply to the repository.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON repository policy text.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
put_registry_policy
(**kwargs)¶Creates or updates the permissions policy for your registry.
A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.put_registry_policy(
policyText='string'
)
[REQUIRED]
The JSON policy text to apply to your registry. The policy text follows the same format as IAM policy text. For more information, see Registry permissions in the Amazon Elastic Container Registry User Guide .
{
'registryId': 'string',
'policyText': 'string'
}
Response Structure
The registry ID.
The JSON policy text for your registry.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
put_registry_scanning_configuration
(**kwargs)¶Creates or updates the scanning configuration for your private registry.
See also: AWS API Documentation
Request Syntax
response = client.put_registry_scanning_configuration(
scanType='BASIC'|'ENHANCED',
rules=[
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
)
The scanning type to set for the registry.
When a registry scanning configuration is not defined, by default the BASIC
scan type is used. When basic scanning is used, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed to those repositories. Alternatively, you can do manual scans of images with basic scanning.
When the ENHANCED
scan type is set, Amazon Inspector provides automated vulnerability scanning. You may choose between continuous scanning or scan on push and you may specify filters to determine which individual repositories, or all repositories, are scanned.
The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.
The details of a scanning rule for a private registry.
The frequency that scans are performed at for a private registry. When the ENHANCED
scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN
and SCAN_ON_PUSH
. When the BASIC
scan type is specified, the SCAN_ON_PUSH
and MANUAL
scan frequencies are supported.
The repository filters associated with the scanning configuration for a private registry.
The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide .
The filter to use when scanning.
The type associated with the filter.
dict
Response Syntax
{
'registryScanningConfiguration': {
'scanType': 'BASIC'|'ENHANCED',
'rules': [
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
}
}
Response Structure
(dict) --
registryScanningConfiguration (dict) --
The scanning configuration for your registry.
scanType (string) --
The type of scanning configured for the registry.
rules (list) --
The scanning rules associated with the registry.
(dict) --
The details of a scanning rule for a private registry.
scanFrequency (string) --
The frequency that scans are performed at for a private registry. When the ENHANCED
scan type is specified, the supported scan frequencies are CONTINUOUS_SCAN
and SCAN_ON_PUSH
. When the BASIC
scan type is specified, the SCAN_ON_PUSH
and MANUAL
scan frequencies are supported.
repositoryFilters (list) --
The repository filters associated with the scanning configuration for a private registry.
(dict) --
The details of a scanning repository filter. For more information on how to use filters, see Using filters in the Amazon Elastic Container Registry User Guide .
filter (string) --
The filter to use when scanning.
filterType (string) --
The type associated with the filter.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
put_replication_configuration
(**kwargs)¶Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide .
Note
When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy .
See also: AWS API Documentation
Request Syntax
response = client.put_replication_configuration(
replicationConfiguration={
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
)
[REQUIRED]
An object representing the replication configuration for a registry.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the destination for a replication rule.
An array of objects representing the destination for a replication rule.
The Region to replicate to.
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
The repository filter details. When the PREFIX_MATCH
filter type is specified, this value is required and should be the repository name prefix to configure replication for.
The repository filter type. The only supported value is PREFIX_MATCH
, which is a repository name prefix specified with the filter
parameter.
{
'replicationConfiguration': {
'rules': [
{
'destinations': [
{
'region': 'string',
'registryId': 'string'
},
],
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'PREFIX_MATCH'
},
]
},
]
}
}
Response Structure
The contents of the replication configuration for the registry.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the replication destinations and repository filters for a replication configuration.
An array of objects representing the destination for a replication rule.
An array of objects representing the destination for a replication rule.
The Region to replicate to.
The Amazon Web Services account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID.
An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.
The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no repository filter is specified, all images in the repository are replicated.
The repository filter details. When the PREFIX_MATCH
filter type is specified, this value is required and should be the repository name prefix to configure replication for.
The repository filter type. The only supported value is PREFIX_MATCH
, which is a repository name prefix specified with the filter
parameter.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.ValidationException
set_repository_policy
(**kwargs)¶Applies a repository policy to the specified repository to control access permissions. For more information, see Amazon ECR Repository policies in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.set_repository_policy(
registryId='string',
repositoryName='string',
policyText='string',
force=True|False
)
[REQUIRED]
The name of the repository to receive the policy.
[REQUIRED]
The JSON repository policy text to apply to the repository. For more information, see Amazon ECR repository policies in the Amazon Elastic Container Registry User Guide .
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'policyText': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
policyText (string) --
The JSON repository policy text applied to the repository.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
start_image_scan
(**kwargs)¶Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
response = client.start_image_scan(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
}
)
[REQUIRED]
The name of the repository that contains the images to scan.
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.UnsupportedImageTypeException
ECR.Client.exceptions.LimitExceededException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ImageNotFoundException
ECR.Client.exceptions.ValidationException
start_lifecycle_policy_preview
(**kwargs)¶Starts a preview of a lifecycle policy for the specified repository. This allows you to see the results before associating the lifecycle policy with the repository.
See also: AWS API Documentation
Request Syntax
response = client.start_lifecycle_policy_preview(
registryId='string',
repositoryName='string',
lifecyclePolicyText='string'
)
[REQUIRED]
The name of the repository to be evaluated.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON repository policy text.
status (string) --
The status of the lifecycle policy preview request.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.LifecyclePolicyNotFoundException
ECR.Client.exceptions.LifecyclePolicyPreviewInProgressException
tag_resource
(**kwargs)¶Adds specified tags to a resource with the specified ARN. Existing tags on a resource are not changed if they are not specified in the request parameters.
See also: AWS API Documentation
Request Syntax
response = client.tag_resource(
resourceArn='string',
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The Amazon Resource Name (ARN) of the the resource to which to add tags. Currently, the only supported resource is an Amazon ECR repository.
[REQUIRED]
The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
One part of a key-value pair that make up a tag. A key
is a general label that acts like a category for more specific tag values.
A value
acts as a descriptor within a tag category (key).
dict
Response Syntax
{}
Response Structure
Exceptions
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.InvalidTagParameterException
ECR.Client.exceptions.TooManyTagsException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ServerException
untag_resource
(**kwargs)¶Deletes specified tags from a resource.
See also: AWS API Documentation
Request Syntax
response = client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
[REQUIRED]
The Amazon Resource Name (ARN) of the resource from which to remove tags. Currently, the only supported resource is an Amazon ECR repository.
[REQUIRED]
The keys of the tags to be removed.
dict
Response Syntax
{}
Response Structure
Exceptions
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.InvalidTagParameterException
ECR.Client.exceptions.TooManyTagsException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.ServerException
upload_layer_part
(**kwargs)¶Uploads an image layer part to Amazon ECR.
When an image is pushed, each new image layer is uploaded in parts. The maximum size of each image layer part can be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per each new image layer part.
Note
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker
CLI to pull, tag, and push images.
See also: AWS API Documentation
Request Syntax
response = client.upload_layer_part(
registryId='string',
repositoryName='string',
uploadId='string',
partFirstByte=123,
partLastByte=123,
layerPartBlob=b'bytes'
)
[REQUIRED]
The name of the repository to which you are uploading layer parts.
[REQUIRED]
The upload ID from a previous InitiateLayerUpload operation to associate with the layer part upload.
[REQUIRED]
The position of the first byte of the layer part witin the overall image layer.
[REQUIRED]
The position of the last byte of the layer part within the overall image layer.
[REQUIRED]
The base64-encoded layer part payload.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'uploadId': 'string',
'lastByteReceived': 123
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
uploadId (string) --
The upload ID associated with the request.
lastByteReceived (integer) --
The integer value of the last byte received in the request.
Exceptions
ECR.Client.exceptions.ServerException
ECR.Client.exceptions.InvalidParameterException
ECR.Client.exceptions.InvalidLayerPartException
ECR.Client.exceptions.RepositoryNotFoundException
ECR.Client.exceptions.UploadNotFoundException
ECR.Client.exceptions.LimitExceededException
ECR.Client.exceptions.KmsException
The available paginators are:
ECR.Paginator.DescribeImageScanFindings
ECR.Paginator.DescribeImages
ECR.Paginator.DescribePullThroughCacheRules
ECR.Paginator.DescribeRepositories
ECR.Paginator.GetLifecyclePolicyPreview
ECR.Paginator.ListImages
ECR.Paginator.
DescribeImageScanFindings
¶paginator = client.get_paginator('describe_image_scan_findings')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.describe_image_scan_findings()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindings': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
},
'findings': [
{
'name': 'string',
'description': 'string',
'uri': 'string',
'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
'attributes': [
{
'key': 'string',
'value': 'string'
},
]
},
],
'enhancedFindings': [
{
'awsAccountId': 'string',
'description': 'string',
'findingArn': 'string',
'firstObservedAt': datetime(2015, 1, 1),
'lastObservedAt': datetime(2015, 1, 1),
'packageVulnerabilityDetails': {
'cvss': [
{
'baseScore': 123.0,
'scoringVector': 'string',
'source': 'string',
'version': 'string'
},
],
'referenceUrls': [
'string',
],
'relatedVulnerabilities': [
'string',
],
'source': 'string',
'sourceUrl': 'string',
'vendorCreatedAt': datetime(2015, 1, 1),
'vendorSeverity': 'string',
'vendorUpdatedAt': datetime(2015, 1, 1),
'vulnerabilityId': 'string',
'vulnerablePackages': [
{
'arch': 'string',
'epoch': 123,
'filePath': 'string',
'name': 'string',
'packageManager': 'string',
'release': 'string',
'sourceLayerHash': 'string',
'version': 'string'
},
]
},
'remediation': {
'recommendation': {
'url': 'string',
'text': 'string'
}
},
'resources': [
{
'details': {
'awsEcrContainerImage': {
'architecture': 'string',
'author': 'string',
'imageHash': 'string',
'imageTags': [
'string',
],
'platform': 'string',
'pushedAt': datetime(2015, 1, 1),
'registry': 'string',
'repositoryName': 'string'
}
},
'id': 'string',
'tags': {
'string': 'string'
},
'type': 'string'
},
],
'score': 123.0,
'scoreDetails': {
'cvss': {
'adjustments': [
{
'metric': 'string',
'reason': 'string'
},
],
'score': 123.0,
'scoreSource': 'string',
'scoringVector': 'string',
'version': 'string'
}
},
'severity': 'string',
'status': 'string',
'title': 'string',
'type': 'string',
'updatedAt': datetime(2015, 1, 1)
},
]
},
'NextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindings (dict) --
The information contained in the image scan findings.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
findings (list) --
The findings from the image scan.
(dict) --
Contains information about an image scan finding.
name (string) --
The name associated with the finding, usually a CVE number.
description (string) --
The description of the finding.
uri (string) --
A link containing additional details about the security vulnerability.
severity (string) --
The finding severity.
attributes (list) --
A collection of attributes of the host from which the finding is generated.
(dict) --
This data type is used in the ImageScanFinding data type.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
enhancedFindings (list) --
Details about the enhanced scan findings from Amazon Inspector.
(dict) --
The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.
awsAccountId (string) --
The Amazon Web Services account ID associated with the image.
description (string) --
The description of the finding.
findingArn (string) --
The Amazon Resource Number (ARN) of the finding.
firstObservedAt (datetime) --
The date and time that the finding was first observed.
lastObservedAt (datetime) --
The date and time that the finding was last observed.
packageVulnerabilityDetails (dict) --
An object that contains the details of a package vulnerability finding.
cvss (list) --
An object that contains details about the CVSS score of a finding.
(dict) --
The CVSS score for a finding.
baseScore (float) --
The base CVSS score used for the finding.
scoringVector (string) --
The vector string of the CVSS score.
source (string) --
The source of the CVSS score.
version (string) --
The version of CVSS used for the score.
referenceUrls (list) --
One or more URLs that contain details about this vulnerability type.
relatedVulnerabilities (list) --
One or more vulnerabilities related to the one identified in this finding.
source (string) --
The source of the vulnerability information.
sourceUrl (string) --
A URL to the source of the vulnerability information.
vendorCreatedAt (datetime) --
The date and time that this vulnerability was first added to the vendor's database.
vendorSeverity (string) --
The severity the vendor has given to this vulnerability type.
vendorUpdatedAt (datetime) --
The date and time the vendor last updated this vulnerability in their database.
vulnerabilityId (string) --
The ID given to this vulnerability.
vulnerablePackages (list) --
The packages impacted by this vulnerability.
(dict) --
Information on the vulnerable package identified by a finding.
arch (string) --
The architecture of the vulnerable package.
epoch (integer) --
The epoch of the vulnerable package.
filePath (string) --
The file path of the vulnerable package.
name (string) --
The name of the vulnerable package.
packageManager (string) --
The package manager of the vulnerable package.
release (string) --
The release of the vulnerable package.
sourceLayerHash (string) --
The source layer hash of the vulnerable package.
version (string) --
The version of the vulnerable package.
remediation (dict) --
An object that contains the details about how to remediate a finding.
recommendation (dict) --
An object that contains information about the recommended course of action to remediate the finding.
url (string) --
The URL address to the CVE remediation recommendations.
text (string) --
The recommended course of action to remediate the finding.
resources (list) --
Contains information on the resources involved in a finding.
(dict) --
Details about the resource involved in a finding.
details (dict) --
An object that contains details about the resource involved in a finding.
awsEcrContainerImage (dict) --
An object that contains details about the Amazon ECR container image involved in the finding.
architecture (string) --
The architecture of the Amazon ECR container image.
author (string) --
The image author of the Amazon ECR container image.
imageHash (string) --
The image hash of the Amazon ECR container image.
imageTags (list) --
The image tags attached to the Amazon ECR container image.
platform (string) --
The platform of the Amazon ECR container image.
pushedAt (datetime) --
The date and time the Amazon ECR container image was pushed.
registry (string) --
The registry the Amazon ECR container image belongs to.
repositoryName (string) --
The name of the repository the Amazon ECR container image resides in.
id (string) --
The ID of the resource.
tags (dict) --
The tags attached to the resource.
type (string) --
The type of resource.
score (float) --
The Amazon Inspector score given to the finding.
scoreDetails (dict) --
An object that contains details of the Amazon Inspector score.
cvss (dict) --
An object that contains details about the CVSS score given to a finding.
adjustments (list) --
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
(dict) --
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
metric (string) --
The metric used to adjust the CVSS score.
reason (string) --
The reason the CVSS score has been adjustment.
score (float) --
The CVSS score.
scoreSource (string) --
The source for the CVSS score.
scoringVector (string) --
The vector for the CVSS score.
version (string) --
The CVSS version used in scoring.
severity (string) --
The severity of the finding.
status (string) --
The status of the finding.
title (string) --
The title of the finding.
type (string) --
The type of the finding.
updatedAt (datetime) --
The date and time the finding was last updated at.
NextToken (string) --
A token to resume pagination.
ECR.Paginator.
DescribeImages
¶paginator = client.get_paginator('describe_images')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.describe_images()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository that contains the images to describe.
The list of image IDs for the requested repository.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
The filter key and value with which to filter your DescribeImages
results.
The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED
or UNTAGGED
.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'imageDetails': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageDigest': 'string',
'imageTags': [
'string',
],
'imageSizeInBytes': 123,
'imagePushedAt': datetime(2015, 1, 1),
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindingsSummary': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
}
},
'imageManifestMediaType': 'string',
'artifactMediaType': 'string',
'lastRecordedPullTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
imageDetails (list) --
A list of ImageDetail objects that contain data about the image.
(dict) --
An object that describes an image returned by a DescribeImages operation.
registryId (string) --
The Amazon Web Services account ID associated with the registry to which this image belongs.
repositoryName (string) --
The name of the repository to which this image belongs.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTags (list) --
The list of tags associated with this image.
imageSizeInBytes (integer) --
The size, in bytes, of the image in the repository.
If the image is a manifest list, this will be the max size of all manifests in the list.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images
command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages .
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindingsSummary (dict) --
A summary of the last completed image scan.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
imageManifestMediaType (string) --
The media type of the image manifest.
artifactMediaType (string) --
The artifact media type of the image.
lastRecordedPullTime (datetime) --
The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.
Note
Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the lastRecordedPullTime
timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the lastRecordedPullTime
timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.
NextToken (string) --
A token to resume pagination.
ECR.Paginator.
DescribePullThroughCacheRules
¶paginator = client.get_paginator('describe_pull_through_cache_rules')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.describe_pull_through_cache_rules()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
ecrRepositoryPrefixes=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'pullThroughCacheRules': [
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
pullThroughCacheRules (list) --
The details of the pull through cache rules.
(dict) --
The details of a pull through cache rule.
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time the pull through cache was created.
registryId (string) --
The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.
NextToken (string) --
A token to resume pagination.
ECR.Paginator.
DescribeRepositories
¶paginator = client.get_paginator('describe_repositories')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.describe_repositories()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryNames=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A list of repositories to describe. If this parameter is omitted, then all repositories in a registry are described.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'repositories': [
{
'repositoryArn': 'string',
'registryId': 'string',
'repositoryName': 'string',
'repositoryUri': 'string',
'createdAt': datetime(2015, 1, 1),
'imageTagMutability': 'MUTABLE'|'IMMUTABLE',
'imageScanningConfiguration': {
'scanOnPush': True|False
},
'encryptionConfiguration': {
'encryptionType': 'AES256'|'KMS',
'kmsKey': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
repositories (list) --
A list of repository objects corresponding to valid repositories.
(dict) --
An object representing a repository.
repositoryArn (string) --
The Amazon Resource Name (ARN) that identifies the repository. The ARN contains the arn:aws:ecr
namespace, followed by the region of the repository, Amazon Web Services account ID of the repository owner, repository namespace, and repository name. For example, arn:aws:ecr:region:012345678910:repository/test
.
registryId (string) --
The Amazon Web Services account ID associated with the registry that contains the repository.
repositoryName (string) --
The name of the repository.
repositoryUri (string) --
The URI for the repository. You can use this URI for container image push
and pull
operations.
createdAt (datetime) --
The date and time, in JavaScript date format, when the repository was created.
imageTagMutability (string) --
The tag mutability setting for the repository.
imageScanningConfiguration (dict) --
The image scanning configuration for a repository.
scanOnPush (boolean) --
The setting that determines whether images are scanned after being pushed to a repository. If set to true
, images will be scanned after being pushed. If this parameter is not specified, it will default to false
and images will not be scanned unless a scan is manually started with the API_StartImageScan API.
encryptionConfiguration (dict) --
The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
encryptionType (string) --
The encryption type to use.
If you use the KMS
encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide .
If you use the AES256
encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide .
kmsKey (string) --
If you use the KMS
encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default Amazon Web Services managed KMS key for Amazon ECR will be used.
NextToken (string) --
A token to resume pagination.
ECR.Paginator.
GetLifecyclePolicyPreview
¶paginator = client.get_paginator('get_lifecycle_policy_preview')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.get_lifecycle_policy_preview()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'lifecyclePolicyText': 'string',
'status': 'IN_PROGRESS'|'COMPLETE'|'EXPIRED'|'FAILED',
'previewResults': [
{
'imageTags': [
'string',
],
'imageDigest': 'string',
'imagePushedAt': datetime(2015, 1, 1),
'action': {
'type': 'EXPIRE'
},
'appliedRulePriority': 123
},
],
'summary': {
'expiringImageTotalCount': 123
},
'NextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
lifecyclePolicyText (string) --
The JSON lifecycle policy text.
status (string) --
The status of the lifecycle policy preview request.
previewResults (list) --
The results of the lifecycle policy preview request.
(dict) --
The result of the lifecycle policy preview.
imageTags (list) --
The list of tags associated with this image.
imageDigest (string) --
The sha256
digest of the image manifest.
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
action (dict) --
The type of action to be taken.
type (string) --
The type of action to be taken.
appliedRulePriority (integer) --
The priority of the applied rule.
summary (dict) --
The list of images that is returned as a result of the action.
expiringImageTotalCount (integer) --
The number of expiring images.
NextToken (string) --
A token to resume pagination.
ECR.Paginator.
ListImages
¶paginator = client.get_paginator('list_images')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from ECR.Client.list_images()
.
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
registryId='string',
repositoryName='string',
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The repository with image IDs to be listed.
The filter key and value with which to filter your ListImages
results.
The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED
or UNTAGGED
.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken
will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken
from a previous response.
dict
Response Syntax
{
'imageIds': [
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
imageIds (list) --
The list of image IDs for the requested repository.
(dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256
digest of the image manifest.
imageTag (string) --
The tag used for the image.
NextToken (string) --
A token to resume pagination.
The available waiters are:
ECR.Waiter.
ImageScanComplete
¶waiter = client.get_waiter('image_scan_complete')
wait
(**kwargs)¶Polls ECR.Client.describe_image_scan_findings()
every 5 seconds until a successful state is reached. An error is returned after 60 failed checks.
See also: AWS API Documentation
Request Syntax
waiter.wait(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
nextToken='string',
maxResults=123,
WaiterConfig={
'Delay': 123,
'MaxAttempts': 123
}
)
[REQUIRED]
The repository for the image for which to describe the scan findings.
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
nextToken
value returned from a previous paginated DescribeImageScanFindings
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null when there are no more results to return.DescribeImageScanFindings
in paginated output. When this parameter is used, DescribeImageScanFindings
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings
returns up to 100 results and a nextToken
value, if applicable.A dictionary that provides parameters to control waiting behavior.
The amount of time in seconds to wait between attempts. Default: 5
The maximum number of attempts to be made. Default: 60
None
ECR.Waiter.
LifecyclePolicyPreviewComplete
¶waiter = client.get_waiter('lifecycle_policy_preview_complete')
wait
(**kwargs)¶Polls ECR.Client.get_lifecycle_policy_preview()
every 5 seconds until a successful state is reached. An error is returned after 20 failed checks.
See also: AWS API Documentation
Request Syntax
waiter.wait(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
},
WaiterConfig={
'Delay': 123,
'MaxAttempts': 123
}
)
[REQUIRED]
The name of the repository.
The list of imageIDs to be included.
An object with identifying information for an image in an Amazon ECR repository.
The sha256
digest of the image manifest.
The tag used for the image.
nextToken
value returned from a previous paginated GetLifecyclePolicyPreviewRequest
request where maxResults
was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken
value. This value is null
when there are no more results to return. This option cannot be used when you specify images with imageIds
.GetLifecyclePolicyPreviewRequest
in paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest
only returns maxResults
results in a single page along with a nextToken
response element. The remaining results of the initial request can be seen by sending another GetLifecyclePolicyPreviewRequest
request with the returned nextToken
value. This value can be between 1 and 1000. If this parameter is not used, then GetLifecyclePolicyPreviewRequest
returns up to 100 results and a nextToken
value, if applicable. This option cannot be used when you specify images with imageIds
.An optional parameter that filters results based on image tag status and all tags, if tagged.
The tag status of the image.
A dictionary that provides parameters to control waiting behavior.
The amount of time in seconds to wait between attempts. Default: 5
The maximum number of attempts to be made. Default: 20
None